An alert from software giant Symantec on Monday announced an “ongoing campaign” by Russia-based cyber-terrorists who have changed their focus from espionage to sabotage. Their primary targets are energy companies using oil and natural gas to provide electrical power to the national grid.
The infections are so powerful that not only can they disrupt internal messaging and controls but they can also disrupt the operations of the physical power plants and pipelines, according to Symantec:
An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims.
The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and … could have caused damage or disruption to energy supplies in [the] affected countries.
The attacks emanating from Russia target the United States, Spain, France, Italy, Germany, Turkey, and Poland, with the primary focus on the United States and Spain.
Symantec said that Dragonfly is no small group of weekend hackers, either: "The Dragonfly group is technically adept and able to think strategically … the group found a “soft underbelly” … invariably smaller, less protected companies."
According to Symantec, this is a government-sponsored operation: "The Dragonfly group is well-resourced with a range of malware tools at its disposal and is capable of launching attacks through a number of different [malware protocols]."
Eric Chien, the chief researcher for Symantec, is frightened over the implications of its discoveries: "When they do have that type of access, that motivation wouldn’t be [just] for espionage. When we look at where they’re at, we’re very concerned about sabotage."
Dragonfly has already had success in infecting “industrial control systems” (ICS) equipment providers by using “software with a remote access type Trojan.” Once installed, the software handed off control of physical plant operations to the saboteurs in Russia:
[The Trojan] caused companies to install the malware when downloading software updates [to their] computers running ICS equipment.
These infections not only gave the attackers a beachhead in the targeted organizations’ networks but also gave them the means to mount sabotage operations.