Online security firm Symantec has warned that hackers are targeting the energy sector in Europe and the US, and that cyber-attacks on national power grids could cripple affected countries’ power infrastructure.
The US antivirus vendor said the group behind the attacks, which it has named Dragonfly, has been operating since at least 2011, but has re-emerged over the past two years after it was exposed by Symantec and a number of other online security firms in 2014.
A new campaign launched by the group, which appears to have begun in late 2015, uses similar tools and tactics to those detected three years ago.
The hackers seem to be interested in learning how energy facilities operate and how to gain access to operational systems, and could now have the knowledge required to take control of or seriously sabotage energy networks.
In a report published this week, Symantec said the Dragonfly 2.0 campaign involves hackers, most likely state-sponsored, targeting energy firms with phishing emails in a bid to gain access to their systems.
The attacks, which Symantec said have become more frequent since April of this year, have so far been recorded in Switzerland, Turkey and the US, but have most likely targeted energy firms in other countries.
While Symantec’s researchers have been unable to ascertain where the attacks are originating from or which group is behind them, some of the code used in the campaign is written in French and Russian, suggesting one of these languages may be a false flag designed to throw investigators off the scent.
Symantec’s findings will add to concerns that hostile states or terrorist groups may be able to launch an attack on a country’s energy infrastructure after obtaining information from hacking groups.
“While Symantec cannot definitively determine Dragonfly’s origins, this is clearly an accomplished attack group,” the security firm said in a blog post.
“It is capable of compromising targeted organisations through a variety of methods; can steal credentials to traverse targeted networks; and has a range of malware tools available to it, some of which appear to have been custom developed.
“Dragonfly is a highly focused group, carrying out targeted attacks on energy sector targets since at least 2011, with a renewed ramping up of activity observed in the last year.”
In July, the UK’s National Cyber Security Centre (NCSC) warned that Britain’s energy sector had probably been infiltrated by cyber criminals.
An NCSC document obtained by tech site Motherboard said hackers may have breached the systems of various British organisations that have access to critical systems, and that cyber criminals were targeting companies in the energy sector all over the world.
Motherboard published the contents of the document days after the Times of London revealed that Russian-backed hackers had attempted to access the networks of Irish energy firms.