In an era of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility's network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations--enough control that they could have induced blackouts on American soil at will. Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies' networks. "There's a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage ... being able to flip the switch on power generation," says Eric Chien, a Symantec security analyst.
A group of hackers has targeted US and European energy companies in an extended campaign that has, in some instances, led to cybersecurity breaches that expose the systems that control companies' operations. The attacks were outlined in a new report from Symantec. The report claims that attacks have allowed the hackers to bypass the security of energy firms in the US, Turkey, and Switzerland, while companies in other countries are thought to have been affected. The hackers appear to have used multiple methods to access target networks, including malicious emails, watering hole attacks, and Trojanized software. The attacks use similar tactics to a group known as Dragonfly, which Symantec says has been active dating back to 2011 and was responsible for a wave of attacks discovered by security researchers in 2014.
Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies' operations, according to researchers at the security firm Symantec. Malicious email campaigns have been used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries as well, Symantec said in a new report. The cyber attacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly, Eric Chien, a cyber security researcher at Symantec, said in an interview. Other code used French, Symantec said, suggesting the attackers may be attempting to make it more difficult to identify them.
A hacking campaign is targeting the energy sector in Europe and the US with the potential of sabotaging national power grids, a cybersecurity firm has warned. The group, dubbed "Dragonfly" by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed, secretly placing backdoors in the industrial control systems of power plants across the US and Europe. Now, Symantec reports, the group has resumed operations, apparently working since late 2015 to investigate and penetrate energy facilities in at least three countries: the US, Turkey and Switzerland. "The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so," the cybersecurity firm warns. Dragonfly's methods are varied, but all its attacks seem to be focused on researching the inner workings of energy firms.
Over the last nine months, dozens of U.S. power companies were compromised by an organized hacking group to the extent that some of them could have sabotaged and shut down production and distribution, according to Symantec, a cybersecurity company that discovered the attack. In some cases, this involved access to details about how the company operated, engineering plans and equipment, even down to the level of controlling valves, pipes or conveyor belts, said Vikram Thakur, principal research manager at Symantec, which discovered the intrusions and first published information about them in a blog posting Wednesday. The level of access could have led to "pretty strong impacts," said Thakur. "It could have taken out the business for a period of a day or two or maybe a month," he said. There are already examples of power companies being attacked by hackers and the lights going out.