International energy firms hacked by Eastern European cyber-espionage group
01 July 2014
More than 1,000 energy companies in North America and Europe have been compromised in a huge malware attack unearthed by US security firm Symantec. The hackers are thought to be part of an Eastern European collective known as Dragonfly, which has been in operation since at least 2011.
Eighty-four countries were affected, although most of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland. Targets included energy grid operators and industrial equipment providers, and Symantec said the primary goal appeared to be espionage.
Since 2013 Dragonfly has been targeting organisations that use industrial control systems (ICS) to manage electrical, water, oil, gas and data systems.
Symantec said Dragonfly had accessed computers using a variety of techniques, including attaching malware to third-party programs, emails and websites, giving it "the capability to mount sabotage operations that could have disrupted energy supplies across a number of European countries".
It had used Backdoor.Oldrea to gather system information, including the computers' Outlook address book and a list of files and programs installed, and Trojan.Karagany to upload stolen data, download new files and run them on infected computers, Symantec said.
The attack resembles the Stuxnet computer worm, which was designed to attack similar industrial controllers in 2010 and reportedly ruined almost 20% of Iran's nuclear power plants.
Symantec said Dragonfly "bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability".