Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
APC Free White Paper
Optimize your network investment &
Enter to win a Samsung Galaxy Note

www.apc.com
World Wide Web
Cisco UCS Invicta Series flash memory systems
Average Rating:
Rate this article:  
Cyberspies Believed Targeting Western Energy Firms
Cyberspies Believed Targeting Western Energy Firms

By Linda M. Rosencrance
July 1, 2014 2:47PM

Bookmark and Share
The Dragonfly Group "is able to mount attacks through multiple vectors and compromise numerous third-party Web sites,” Symantec said. “Dragonfly has targeted multiple organizations in the energy sector over a long period....Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.”
 



A group of cyberattackers has been planting malware in the industrial control system (ICS) software of energy companies in the U.S. and Europe to spy on their operations, according to researchers at security firm Symantec.

Among the targets of the group of attackers, identified by Symantec as Dragonfly, were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey and Poland.

Known by other security vendors as Energetic Bear, the Dragonfly Group appears to have been in operation since at least 2011 and maybe even longer. Dragonfly initially targeted defense and aviation companies in the U.S. and Canada before shifting its focus mainly to U.S and European energy firms in early 2013.

State-Sponsored Hackers?

Analysis of the timestamps on the malware used by the attackers indicates that the group mostly worked between Monday and Friday, mainly in a nine-hour period that corresponded to a 9 a.m. to 6 p.m. working day in the UTC +4 time zone. Based on that information, it is likely the attackers are based in Eastern Europe and are a state-sponsored operation, Symantec said.

The Dragonfly Group displays a high degree of technical capability, Symantec said in a blog post on Tuesday. The attackers have not yet used their cyberespionage tools to inflict serious damage or disrupt energy supplies in the affected countries. But it is believed to be only a matter of time.

Worst May Be Coming

“The group is able to mount attacks through multiple vectors and compromise numerous third-party Web sites in the process,” Symantec said. “Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.”

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different points. Its most ambitious attack infected the software of a number of industrial control system equipment providers with a remote access-type Trojan.

This caused those companies to install the malware when they downloaded software updates for computers running ICS equipment, giving the attackers a way into the organizations’ networks, as well as giving them the means to mount sabotage operations against infected ICS computers, Symantec researchers said.

The attacks by Dragonfly follow those of Stuxnet, the first known major malware campaign to target ICS systems. However, Stuxnet only targeted the Iranian nuclear program, with sabotage as its primary goal. Dragonfly, on the other hand, seems to have a much broader focus with espionage and persistent access as its main focus, with sabotage an option for the future.

Two Malware Tools

In addition to compromising ICS software, Dragonfly has also used spam e-mail campaigns and watering-hole attacks to infect targeted organizations. The group has used two main malware tools: Backdoor.Oldrea, a custom piece of malware, either written by or for the attackers, and Trojan.Karagany.

Before it published its findings, Symantec notified affected victims and relevant national authorities, including the Computer Emergency Response Team centers that handle and respond to Internet security incidents.
 

Tell Us What You Think
Comment:

Name:



UCS Invicta: Integrated Flash Why wait for the future? Unlock the potential of your applications and create new business opportunities today with UCS Invicta Series Solid State Systems. Take advantage of the power of flash technology. See how it can help accelerate IT, eliminate data center bottlenecks, and deliver the peak application performance and predictability your users demand. Click here to learn more.


 World Wide Web
1.   Tor Internet Privacy Service Breached
2.   Amazon Invests $2B To Grow in India
3.   Many Sites Are Studying Consumers
4.   Facebook To Force Use of Messenger
5.   OkCupid Experiments with Daters


advertisement
OkCupid Experiments with Daters
Unethical without user consent?
Average Rating:
Radical.FM's Freemium Biz Model
Online radio startup asks for donations.
Average Rating:
Many Sites Are Studying Consumers
Facebook and OKCupid are not alone.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
New 'Backoff' Malware Slips Undetected into Retail Systems
'Malicious actors' are using a new variety of malware to access consumer payment data remotely through point-of-sale systems, according to a report from the Department of Homeland Security.
 
IBM Beefs Up Identity Intelligence Security Solutions
Big Blue is betting big on identity intelligence. IBM just acquired a private firm with security software to govern user access to apps and data across cloud and on-premise environments.
 
USB Security Flaw Lets Hackers Hijack PCs
Hackers can use the firmware that controls USB functions to take control of computers, say security experts. That means there may be a new class of attack for which there are no defenses.
 

Enterprise Hardware Spotlight
AMD's ARM-Based Opteron Out in $3K Dev Kit
It's dubbed "Seattle" and it's AMD's first 64-bit ARM-based Opteron processor. The low-power chip is being released as part of AMD’s Opteron A1100-series developer kit, and aimed at high-end data center needs.
 
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Dell, BlackBerry Not Sweating Apple-IBM Alliance
IBM's recent move to partner with Apple to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unperturbed for now.
 

Mobile Technology Spotlight
BlackBerry Messenger Now Available on Windows Phone
BlackBerry's free Messenger chatting and voice app is out of beta and widely available for Windows Phone users, the company said. BBM offers secure messaging, Groups, Voice, Channels and more.
 
Virgin Mobile Offers Custom Smartphone Plans
As the wireless carrier wars continue heating up, Virgin Mobile just threw the customization coal onto the fire. The firm has debuted a no-annual-contract plan with rates based on individual use.
 
Collaboration Provider Asana Revamps Mobile App
Asana, a collaboration software provider started by a Facebook founder, is now out with a rebuilt native iOS mobile app. It replaces one that even the company admits was not up to par.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.