According to security researchers, a hacking group named Dragonfly is targeting United States and European energy sectors with alleged plans to attack the electrical grid.
A new report from the security firm Symantec raises concerns about a possible uptick in attacks targeting the energy industry, with great potential for damage, following the revitalization of the Dragonfly cyber espionage group.
Analysts say that the new wave of cyber attacks could give Russian hackers the ability to flip power switches at will and severely disrupt multiple operations in the U.S., Turkey and Switzerland.
A successful hack attack or sabotage of energy companies could mean a total shutdown of electrical grids, mass power outages, disruption to utilities, or even worse.
Top security experts at Symantec believe the hacking group, which has been operating since 2011, has come back on the scene with a new wave of attacks.
This time, the cyber espionage group is going after North American and European energy entities.
The research report revealed that the group is poised to cause nationwide blackouts by crippling power grids.
Experts said the hacking group seems interested in not only learning how energy companies operate but also gaining access to operational systems, to the extent that they can potentially gain control and sabotage these systems should they decide to.
Cyber attacks on infrastructure can have a great impact, as shown by a December 2016 attack in Ukraine that took out part of the country’s power grid, affecting thousands.
The Symantec report points out that there have been attempts to attack power grids in other European countries, as well as nuclear facilities in the U.S. Energy companies are becoming a target for cyber attacks because they can be blackmailed for very large amounts of money.
Dragonfly and other hackers use phishing techniques to target employees.
They also target companies by sending spam emails, hoping that an unwary worker might click on their link and download software which would, in turn, help them snoop on the company’s internal system.
In 2015, the Dragonfly group tried to hoodwink several companies by sending them emails disguised as invitations to a New Year’s Eve party.
In 2016 and 2017, similar attempts were made, Symantec analysts claim.
The hacking group sent emails containing very specific content related to the energy sector, along with some general business concerns.
Once these emails are opened, the malicious attachments can leak the victim’s network credentials to the adversary or to a server outside the organization.
Sabotage attacks are preceded by an intelligence-gathering phase, carried out through these email campaigns, that allows attackers to collect information and acquire network credentials of the target system that will be used later on.
According to Symantec, this phase was the first set of attacks that might have set the stage for more destructive attacks in the future, especially considering the group’s current efforts.
In their most recent cyber attacks, the group’s hackers are using malicious emails, Trojanized software and watering hole attacks to breach the victim’s network.
Most of these methods seem to link the hackers to related previous cyber attacks; however, it is difficult to tell who is behind the group or where it is based.
While the researchers believe that a foreign government might be behind the cyber attacks, they only noted that some parts of the code were written in Russian, while other code strings were in French.
Potential for Sabotage
The energy sector has split its computer systems into two: the administrative side that includes basic office, accounting and email functions, and the operational side which controls connections to the main power grid, machinery and sensors.
These networks are never perfect, meaning they are prone to cyber infiltrations.
Symantec’s report adds to concerns that we face the threat of a global cyber war.
The breach of U.S. and European power companies raises sabotage fears, as utilities and other industrial firms are susceptible to damage.
Cyberattacks could damage physical infrastructure, crash economies and destroy governments, bringing society to its knees.