- The Washington Times - Wednesday, September 6, 2017

A sophisticated hacker group has successfully penetrated dozens of utility companies responsible for supplying power in countries including the U.S., Turkey and Switzerland, a renowned cybersecurity firm warns in a new report.

Symantec said Wednesday that a hacker group being called “Dragonfly 2.0” has infiltrated power companies in the U.S. and abroad on an unprecedented scale and poses a risk of sabotage to the Western energy sector.

A hacker group known as Dragonfly began targeting the energy sector as early as 2011 but significantly scaled back its activities after being detected in 2014, according to Symantec. It re-emerged in late 2015, however, and ramped up its operations in 2016 and 2017, as evidenced by recent breaches of dozens of targets using the same hacking tools deployed exclusively in the initial attacks, Symantec said.

“This is the first time we’ve seen this scale, this aggressiveness and this level of penetration in the U.S., for sure,” Eric Chien, technical director of Symantec’s Security Technology & Response Division, told BuzzFeed News.

“What we’re seeing is them getting into dozens, as far as we know, likely more, of organizations who are basically energy companies. We’re talking about organizations who are supplying power to the power grid,” Mr. Chien added.

Dragonfly 2.0 launched its latest wave of attacks in December 2015 by sending malicious emails disguised as an invitation to a New Year’s Eve party to multiple energy sector targets, according to Symantec. The group conducted similar attacks in 2016 and 2017, the report said, and recipients who opened the malicious emails may have inadvertently allowed the hackers to glean sensitive network information useful in future attacks.

“The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations. The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future,” Symantec said in a blog post.

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” Mr. Chien told Wired. “We’re now talking about on-the-ground technical evidence this could happen in the U.S., and there’s nothing left standing in the way except the motivation of some actor out in the world.”

The U.S. Department of Homeland Security is aware of the attacks and said there’s no indication at this time of any threat to public safety, BuzzFeed reported.

Symantec declined to attribute Dragonfly to any specific nation-state but said the group is “clearly an accomplished attack group … capable of compromising targeted organizations through a variety of methods.”

“What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so,” Symantec said.

Copyright © 2018 The Washington Times, LLC.
