According to a new report by security firm Symantec Corp., cyber attackers have been targeting energy and utility companies in the United States and Europe since 2011. The security firm said that the malware targeting industrial control systems was capable of sabotaging electric grids, power generators and petroleum pipelines.
Symantec identified the attackers as Dragonfly, also known as Energetic Bear, which appeared to be an operation based in Eastern Europe, judging by the hours of activity of those involved. The attackers initially targeted defence and aviation firms in the US and Canada. The focus shifted to US and European energy organizations in early 2013. The Stuxnet-like malware targeting energy and utility companies appeared to have originated most certainly from Russia.
In a blog post, Symantec said that the Dragonfly group was well resourced, with an array of malware tools at its disposal and the ability to launch attacks through several different vectors, including spam email with malicious attachments and browser tools that can install malware. In its most vicious attack campaign, the group compromised several industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. As a result, companies installed the malware when they downloaded software updates for computers operating ICS equipment. These attacks not only gave the hackers a foothold in the targeted companies' networks, but also provided them the means to mount sabotage operations against infected ICS computers.
Once the malware is installed on a victim's computer, it collects system information and can obtain data from the computer's address book and other directories.
"The Dragonfly group is technically adept and able to think strategically," Symantec said. "Given the size of some of its targets, the group found a 'soft underbelly' by compromising their suppliers, which are invariably smaller, less protected companies."
In recent months, officials in the US and elsewhere have shown growing apprehension about cyber attacks that could disrupt, at will, crucial infrastructure systems such as electric grids, dams, transportation systems, wind turbines and gas pipelines.
Symantec said it has notified the targets of the attacks as well as the relevant national authorities, such as the US Computer Emergency Response Team. The affected companies were not named, but Symantec said victims of Dragonfly included major electricity generation firms, energy grid operators, energy industry industrial equipment providers and petroleum pipeline operators. Most victims were based in the United States, Spain, France, Italy, Germany, Turkey, and Poland.