Energy Sector Targeted By Cyberespionage Campaign

  • 30 June 2014
  • 6 replies
  • 852 views

Userlevel 7
Badge +54
June 30th, 2014, 16:37 GMT · By Ionut Ilascu

Image: Top 10 countries with systems targeted by Dragonfly group

Strategically important organizations, most of them from the energy sector, have been compromised in a spying campaign, giving the attackers the possibility to sabotage the affected targets.

Symantec says in a blog post that a group, which they believe to be state-sponsored judging by the resources at their disposal and their technical capabilities, has successfully infiltrated malicious programs into the systems of organizations from the energy industry.

Affected by this campaign are energy grid operators, major electricity generation companies, providers of industrial equipment for the energy sector, and petroleum pipeline operators in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

The attackers are known to Symantec by the name of Dragonfly and they seem to be capable of carrying out complex campaigns with the purpose of not just exfiltrating important information, but also of sabotaging the systems of the targeted companies.

The attack vector of the Dragonfly group consists of compromising the websites of the ICS (industrial control system) software providers and replacing the official file with one infected with a remote access Trojan (RAT). Victims would then download the file and infect their systems upon installing it. Full Article

6 replies

Userlevel 7
Badge +54
If this had been timed to bring down all the suppliers at once it would have caused total mayhem.
 

"Dragonfly" infected grid operators, power generators, gas pipelines, report warns.

by Dan Goodin - June 30 2014
 
"This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems," the Symantec report stated. "While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
 
Full Article
 
Userlevel 7
Badge +54
By Antone Gonsalves
 
Russian hackers who broke into the networks of Western oil and gas companies used techniques that companies can detect and oftentimes defend against, experts say.
The Russian Federation-based group compromised corporate systems by planting malware in technology suppliers' software and compromising websites visited by energy company employees, Symantec said in a recent report on the attacks.
 
The attackers, which have been operating at least since 2011, were bent on stealing intellectual property and other sensitive information mostly from energy grid operators, major electricity generators, oil pipeline operators and industrial equipment providers. The majority of the targets were in the U.S., Spain, France, Italy, Germany, Turkey and Poland.
The attackers' favorite malware was Backdoor.Oldrea, also known as Havex or the Energetic Bear RAT. Oldrea, custom malware either developed by the group or for it, acted as a back door that let the hackers extract data and install additional software.
The majority of command and control servers appeared to be hosted on compromised computers running content management systems. Oldrea has a basic control panel that lets an authenticated user download a compressed version of data stolen from each victim.
 
Full Article
 
An interesting article discussing ways to avoid the attacks.
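The trojanized-installer vector described above is one that a company can defend against by checking every download against a digest the vendor publishes out of band. The following is an added example, not code from the article or from Symantec; the installer bytes, file names and manifest are constructed stand-ins.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed stand-ins for an installer as published by the vendor and the
# same file with attacker content appended (hypothetical bytes, not real samples).
OFFICIAL = b"ics-config-tool-setup v1.0 (constructed sample, not a real installer)\n"
TROJANIZED = OFFICIAL + b"; extra stage appended by an attacker (constructed)\n"


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large installers are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path: Path, manifest: dict) -> str:
    """Compare a downloaded file with the digest the vendor published for it.

    'ok'        digest matches the manifest entry
    'mismatch'  file differs from what the vendor published (do not install)
    'unlisted'  no manifest entry, so integrity cannot be vouched for
    """
    expected = manifest.get(path.name)
    if expected is None:
        return "unlisted"
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def demo() -> dict:
    """Write the constructed samples to a temp dir and check each against the manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        good, bad, other = (root / n for n in ("setup-good.exe", "setup-bad.exe", "unknown.exe"))
        good.write_bytes(OFFICIAL)
        bad.write_bytes(TROJANIZED)
        other.write_bytes(OFFICIAL)
        # Manifest as the vendor would publish it, keyed by file name. In practice it
        # must come from a channel separate from the download site itself.
        official_digest = hashlib.sha256(OFFICIAL).hexdigest()
        manifest = {"setup-good.exe": official_digest, "setup-bad.exe": official_digest}
        return {p.name: verify_download(p, manifest) for p in (good, bad, other)}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A digest fetched from the same site that served the installer proves nothing if that site is the one that was compromised; the manifest has to be obtained and verified separately (a signed release note, a vendor portal, or a direct contact).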
Userlevel 7
Badge +62

Dragonfly Russian Hackers Target 1000 Western Energy Firms

Tuesday, July 01, 2014, by Swati Khandelwal
 
Gone are the days when cyber criminals focused only on PCs to spread malware and target people, whether ordinary or high-profile. Nowadays, organizations in the energy sector have become an interesting target for cyber minds. A few days ago, security researchers uncovered a Stuxnet-like malware, "Havex", which was also programmed to infect industrial control system software of SCADA systems, with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even shut down a country's power grid with a single keystroke.

RUSSIAN HACKERS HIT 1000 ENERGY FIRMS

Recently, a Russian group of hackers known as 'Energetic Bear' has compromised over 1,000 European and North American energy firms with a sophisticated cyber weapon, similar to Stuxnet, that gave hackers access to power plant control systems, said a security firm. Full Article
Userlevel 7
Badge +54
By Jamie Crawford, National Security Producer, updated 6:57 PM EST, Thu November 20, 2014

Washington (CNN) -- China and "probably one or two other" countries have the capacity to shut down the nation's power grid and other critical infrastructure through a cyber attack, the head of the National Security Agency told a Congressional panel Thursday.
Admiral Michael Rogers, who also serves in the dual role as head of U.S. Cyber Command, said the United States has detected malware from China and elsewhere on U.S. computer systems that affect the daily lives of every American.
"It enables you to shut down very segmented, very tailored parts of our infrastructure that forestall the ability to provide that service to us as citizens," Rogers said in testimony before the House Intelligence Committee.
Rogers said such attacks are part of the "coming trends" he sees based on "reconnaissance" currently taking place that nation-states, or other actors may use to exploit vulnerabilities in U.S. cyber systems.
 
Full Article and video.
Userlevel 7
This is really scary to be honest.  
Userlevel 7
Badge +54
I agree David. The point is, previously if a country wanted to take over another country there had to be an invasion but now it can all be done from a desk many miles away.
