How Russian hackers are targeting Europe and US energy


by Jimmy Nicholls | 30 June 2014

Symantec says group is sabotaging European and American industry.

Hacking group Dragonfly is targeting the energy sector through industrial control systems (ICS), as part of what security firm Symantec believes is an espionage campaign.

Phishing emails and watering hole attacks, in which weaker organisations are compromised in order to transmit viruses to stronger ones, are being used to install remote access tools (RATs) on target systems in Europe and North America, according to the firm.

Symantec said: "The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a 'soft underbelly' by compromising their suppliers, which are invariably smaller, less protected companies."

The hacking group's preferred piece of malware is a RAT called Backdoor.Oldrea, which can be used to steal data and install further viruses on a machine, and which Symantec believes was custom built for Dragonfly's use.

Another tool the group uses is called Trojan.Karagany, which has many similar capabilities to Oldrea but is available on underground markets.

"Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability," Symantec said.

Also known as Energetic Bear, the group is thought by the security firm CrowdStrike to be tied to the Russian government, and has been active since at least 2011, initially focusing on North American aviation firms.
