Western energy facilities targeted by hackers
Energy facilities in the U.S., Switzerland, and Turkey have been targeted by a sophisticated hacking group known as Dragonfly, Symantec reports. The campaign, which has created the potential for sabotage and disruption, is being called "Dragonfly 2.0," since the group has launched attacks before.
Why it matters: Sabotage attacks tend to be preceded by intelligence-gathering campaigns, and these hackers have gotten farther than any other group when it comes to American power company systems, according to Symantec Security Analyst Eric Chien.
The hackers are to the point where "they could have induced blackouts on American soil at will," as WIRED's Andy Greenberg writes. (Think, for example, Stuxnet, suspected to be launched jointly by the U.S. and Israel to impact an Iranian nuclear facility.)
What they did: It appears the hackers are interested in learning how the energy facilities operate — the hackers used spear phishing, trojanized software, and watering hole websites to lure in victims to steal credentials to even gain access to operational systems. One particularly notable tactic here is that the hacking group saved screenshots of their hacking efforts in a clearly categorized format noting machine description and location, potentially indicating an interest in operational access.
- Who's behind it: "Attributes of this attack are similar to those perpetrated by nation-states," according to Raytheon's Chief Strategy Officer for Cyber Services, Josh Douglas. But attribution is difficult to peg down with cyber attacks. In particular, the code used in the malware were in Russian and French both, one of which could be a false lead.
- What it means: Cyber attacks "don't always happen instantly, but instead can take years to unfold," according to Douglas. This means we might not know the full extent of the hack yet
- The trend: It's not the first time the energy industry has been the center of cyber attacks. Recall the cyber hack that crippled Ukraine's power grid in 2015 and 2016, as well as a few recent reports about attacks on electricity in Europe and the management side of U.S. energy facilities.