Technologically advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has, in some cases, successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.
Symantec said in a report published recently that organizations in the United States, Turkey and Switzerland, and likely other countries as well, have been broken into by attackers who used malicious email campaigns to gain entry into the organizations’ websites and servers.
Eric Chien, a cyber security researcher at Symantec, said in an interview that the cyber attacks, probably the work of a foreign government and bearing the hallmarks of a hacking group known as Dragonfly, started in late 2015 but increased in frequency in April of this year.
These organizations seem to be susceptible to hacking and cyber attacks, and such attacks and espionage could be leveraged for destructive purposes in the event of a major geopolitical conflict, the research adds. Adding to the concern, the targets include industrial firms such as power providers and other utilities.
The U.S. government said the hackers’ modus operandi was to send phishing emails to harvest credentials in order to gain access to targeted networks, and such events prompted it to issue warnings to industrial firms about a hacking campaign targeting the nuclear and energy sectors in June.
Chien said he believed the alert likely referenced the same campaign Symantec has been tracking.
The hackers had targeted dozens of companies, and a handful of them, including in the United States, had been compromised on the operational level, he said. The level of access that the hackers intended to gain makes it evident that motivation was “the only step left” preventing “sabotage of the power grid,” Chien said.
However, other researchers cast some doubt on this assumption and on the findings.
While concerning, the attacks were “far from the level of being able to turn off the lights, so there’s no alarmism needed,” said Robert M. Lee, founder of U.S. critical infrastructure security firm Dragos Inc, who read the report.
Lee called the connection to Dragonfly “loose.”
Dragonfly had been active from around 2011 to 2014 and appeared to go dormant in 2014 after several cyber firms published research exposing its attacks. The group, also known as Energetic Bear or Koala, was widely believed by security experts to be tied to the Russian government.
While noting that the attackers used code strings that were in Russian, Symantec did not name Russia in its report. Other code used French, Symantec said, suggesting that the attackers may be attempting to make it more difficult to identify them.
(Adapted from CNBC)