A long-running hacking campaign by the Dragonfly threat group is hitting energy companies in the United States and Europe, and security researchers warn that the campaign is growing rapidly.
The cybersecurity company Symantec reports that a highly sophisticated hacker group, known as Dragonfly, is targeting power companies in the United States, Turkey, and Switzerland.
The Dragonfly group has been operating since at least 2011 and has previously been linked to Russia.
The attackers were trying to gather intelligence, including technical diagrams, cryptographic keys, reports and passwords. They also attempted to obtain operational control of systems in power facilities. The ultimate purpose of these attacks has not yet been established.
According to the security firm:
The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations. The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.
Dragonfly’s campaign resembles the attacks on power companies in Ukraine in 2015 and 2016, which caused outages that left parts of the country without electricity. However, security researchers have not established any link between the Ukraine incidents and the current attacks carried out by Dragonfly.
The Dragonfly group has employed well-known ‘off-the-shelf’ malware together with widely used administration tools in its attacks against power companies. According to Symantec, this choice of generic tooling may be part of a deliberate effort to thwart attribution, since such tools leave few traces that are unique to a single actor. Approximately 100 such breaches have been observed since the beginning of 2017, almost half of them in the United States.
Researchers also noted that some code strings in the malware were in Russian while others were in French, which suggests that at least one of the languages may be a false flag.
Symantec’s researchers added:
Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it. What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information, and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so.