Western energy companies under ‘state-backed’ sabotage threat from Dragonfly, security firms warn

Critical national infrastructure firms have been advised by security experts Symantec to check their networks after the discovery of a new attack, codenamed Dragonfly. Also known as Energetic Bear, Dragonfly is said to be capable of doing damage to utilities on the same scale as Stuxnet.

A continuing cyberespionage campaign against various targets, mainly in the energy sector, is reported to have given attackers the ability to mount sabotage operations against companies, Jeremy Cowan reports. The attackers, known to Symantec as Dragonfly, have already compromised a number of strategically important organisations worldwide for industrial espionage. If they continue to use the sabotage capabilities open to them, says Symantec, they could damage or disrupt energy supplies in affected countries.

Among Dragonfly’s targets are energy grid operators, major electricity generating firms, petroleum pipeline operators, and energy industry equipment providers. Most of the enterprises falling victim to these attacks are in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

Dragonfly targets. Source: Symantec

Figure. Top 10 countries by active infections (where attackers stole information from infected computers)

Well resourced hacking campaign

With a range of malware tools at its disposal and having launched attacks through a number of different vectors, the Dragonfly group is described as “well resourced”. It has compromised a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This has caused companies to install the malware when downloading software updates for computers running ICS equipment. Said a spokesman for Symantec, “These infections not only gave the attackers a beachhead in the targeted organisations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.”

Symantec added: “This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems. While Stuxnet was narrowly targeted at the Iranian nuclear programme and had sabotage as its primary goal, Dragonfly appears to have a broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required. In addition to compromising ICS software, Dragonfly has used spam email campaigns and ‘watering hole’ attacks to infect targeted organisations. The group has used two main malware tools: Backdoor.Oldrea and Trojan.Karagany. The former appears to be a custom piece of malware, either written by or for the attackers.”

Symantec has already notified affected victims and relevant national authorities, such as Computer Emergency Response Centers (CERTs) that handle and respond to internet security incidents.

Dragonfly may be state-sponsored

The Dragonfly group appears to have been in operation since at least 2011 and initially targeted defence and aviation companies in the US and Canada before shifting its focus to US and European energy firms in early 2013. The campaign against the European and American energy sector soon expanded in scope, and its high technical capability reportedly bears the hallmarks of a state-sponsored operation.

Commenting on the attacks, Tom Cross, director of security research at network intelligence firm Lancope, said: “This is an attack that is directly targeted at western industrial control systems and is suspected to be of Russian origin. Although we don’t know the motive behind these attacks, the purpose of controlling these systems may be to disable them at some point in the future. Russia has used cyberattacks in conjunction with conventional warfare in the past, such as the 2008 conflict between Russia and Georgia. Therefore, it is alarming to hear that a malware variant suspected of having Russian origin has been directly targeted at industrial infrastructure.”


Symantec Corporation (NASDAQ: SYMC) is an information protection expert. Founded in April 1982, Symantec is a Fortune 500 company that operates one of the largest global data intelligence networks. The company has provided security, back-up and availability solutions for businesses storing, accessing and sharing information.

Lancope, Inc. is a provider of network visibility and security intelligence to defend enterprises against today’s threats. By collecting and analysing NetFlow, IPFIX and other types of flow data, Lancope’s StealthWatch® System is said to help organisations quickly detect a wide range of attacks.
