Skip to main content

Hackers attacking US and European energy firms could sabotage power grids

A hacking campaign is targeting the energy sector in Europe and the US to potentially sabotage national power grids, a cybersecurity firm has warned.
The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed, secretly placing backdoors in the industrial control systems of power plants across the US and Europe.
Now, Symantec reports, the group has resumed operations, apparently working since late 2015 to investigate and penetrate energy facilities in at least three countries: the US, Turkey and Switzerland.
“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the cybersecurity firm warns.
Dragonfly’s methods are varied, but all its attacks seem to be focused on researching the inner workings of energy firms. It has been seen sending malicious emails with attachments that leak internal network credentials, which are then used to install backdoors on the network allowing the hackers to take control of computers and systems. They’ve also been seen seeding fake flash updates to install the backdoors and carrying out “watering hole” attacks, hacking third-party websites that were likely to be visited by people working in the energy sector.
Currently, the group appears to be solely in information-gathering mode, but Symantec warns that a quiet beginning is often a prelude to deliberate attempts at sabotage. The latest campaigns “show how the attackers may be entering into a new phase,” Symantec says, “with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.”
Advertisement
The researchers are unable to determine who is behind the Dragonfly campaign: some of the code is in Russian, but some is in French, “which indicates that one of these languages may be a false flag.
“Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it,” the report concludes.
Attacks on the energy sector have been increasing in frequency and damage in recent years, with Ukraine in particular being at the receiving end of multiple successful strikes. A blackout in west Ukraine in 2015 was caused by a group called Sandworm, while a second attack took out power in the nation’s capital, Kiev, in late 2016.

Comments

Popular posts from this blog

Microsoft Monday: Xbox One Keyboard And Mouse Support, Surface Event Rumors, Guest Support For Teams.

“Microsoft Monday" is a weekly column that focuses on all things Microsoft. This week, Microsoft Monday includes details about the new LinkedIn Audience Network program, keyboard and mouse support for the Xbox One, the Windows 10 S upgrade extension, Halo backward compatibility, a strategic partnership with Adobe, the new My Workspace menu bar app for the Mac, guest support for Teams and much more! Microsoft Is Taking Extra Time For Halo Backwards Compatibility In Order To Live Up To Fan Expectations It is already known that Halo: CE Anniversary, Halo 3, Halo 3: ODST and Halo 4 will be available to play on the Xbox One through the backward compatibility program as announced earlier this year. But it was not clear when. Fortunately, 343 Industries provided an update last week. In a  blog post , 343 Industries acknowledged that players are eager to play the 4 Halo games on the Xbox One. “The Xbox back-compat team is hard at work on final polish and we continue to ...

North Korea ‘hacking Bitcoin exchanges to steal money’ as Kim builds 'criminal enterprise'

Bithumb was hacked in February, although the breach was not noticed until June, and it was only made public in July. At the time one customer claimed more than a million dollars’ worth of digital currency was stolen. Claire Finkelstein, a national security expert and faculty director at the University of Pennsylvania’s Centre for Ethics and the Rule of Law told Buzzfeed News: “This is very consistent with what I would expect North Korea to be doing.” Luke McNamara, a senior analyst with FireEye, also said: “I see there being two macro drivers of this threat activity.” According to Mr McNamara, the first driver was the tightening of sanctions on North Korea's economy. But he added: “You also have cryptocurrencies appreciating significantly since the beginning of the year. So you see cryptocurrency exchanges, particularly in South Korea, becoming a logical target.” Ms Finkelstein warned that Bitcoin is a “high-risk currency” because it can be “easily manipulated” maki...

Google 'Translate' app offers offline translations, conversation mode

Google on Wednesday announced updates to its "Translate" app that would enable users in Bengali, Gujarati, Kannada, Marathi, Tamil, Telugu and Urdu languages to use offline translations and instant visual translation in their preferred language. Google "Translate" has also added support for conversation mode feature -- that lets users have a bilingual conversation with someone, simply by talking to "Translate" app -- in regional languages such as Bengali and Tamil. To activate the feature, users should tap the mic to start speaking in a selected language, then tap the mic again, and the "Translate" app will automatically recognise which of the two languages are being spoken, enabling a smooth conversation, the company said in a statement. Meanwhile, the offline support enables users (of Indian languages) to translate a word or sentence even when they are not connected to the Internet. To use offline translation...