The group has the ability to disrupt or damage energy supplies in targeted nations

A hacking group has launched a cyber-espionage campaign against western energy firms and the systems that power the electric grid, according to a new report from Symantec.

The hacking group -- called Dragonfly -- compromised several important organizations for intelligence purposes, said the report. The main targets were energy grid operators, petroleum pipeline operators, electricity generation firms and industrial equipment providers for the energy sector in the U.S., Spain, France, Italy, Germany, Turkey and Poland.

Alarmingly, Dragonfly could have done much more damage had it used its full sabotage capabilities, such as disrupting (or even damaging) energy supplies in targeted nations.

Dragonfly is reportedly well resourced, using two key pieces of malware in its attacks -- both of which are remote access tool (RAT) type malware.
RAT malware provides the attackers with both access and control of compromised computers. 
Dragonfly prefers a malware tool called Backdoor.Oldrea, which acts as a backdoor for the attackers onto the victim’s computer. Once installed on a victim’s computer, Oldrea collects system information and lists of files, programs installed, and the root of available drives. This data is then written to a temporary file in an encrypted format before being sent to a remote command-and-control (C&C) server controlled by the attackers.

See the Dragonfly? [SOURCE: Symantec]

Dragonfly also favors a malware tool called Trojan.Karagany, which is capable of uploading stolen data, downloading new files and running executable files on an infected computer. 

Symantec's report said that the majority of computers compromised by the attackers were infected with Oldrea, while Karagany was only used in around 5 percent of infections.

Dragonfly reportedly used methods of attack like email campaigns, compromised legitimate software packages and watering hole attacks.

Protecting energy companies and the grid is a high priority. Back in February 2013, it was revealed that the U.S. Department of Energy (DOE) was hacked, which resulted in the "unauthorized disclosure of employee and contractor Personally Identifiable Information." No confidential information was stolen.

The DOE later released a letter promising to tighten security. It said it was deploying new tools both to protect assets on its servers and to monitor activity for signs of trouble. 

Source: Symantec

Copyright 2018 DailyTech LLC.