July 1, 2014
US, European Energy Companies Under Attack By Russian Hackers
Peter Suciu for redOrbit.com - Your Universe Online
On Monday, Symantec Corp. reported that a group of Russian hackers – known as "Energetic Bear," as well as "Dragonfly" – is now attacking energy companies in the United States and Europe. The group is reportedly capable of disrupting power supplies, the cyber-security researchers warned.
"An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims," Symantec said in a post on its official Security Response blog. "The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries."
The motive behind the attacks is apparently one of industrial espionage given the importance of the oil and gas industry in Russia.
The group has apparently been in operation since at least 2011 and possibly longer than that. Dragonfly initially targeted defense and aviation companies in the United States and Canada before it shifted its focus mainly to American and European energy firms early last year. Symantec reported that among its targets beginning in early 2013 were energy grid operators, major electricity generation firms, petroleum pipeline operators and energy industry industrial equipment providers. Symantec reported that the majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey and Poland.
The attacks began with phishing efforts that attempted to send malware to personnel in the targeted firms, but expanded to include "watering hole attacks," in which compromised websites likely to be visited by employees redirected visitors to sites hosting exploit kits. The hacking efforts also included the "Trojanizing" of legitimate software bundles that belonged to three different industrial control system (ICS) equipment manufacturers.
These hackers may have something in common with Chinese hacking efforts – namely a connection to the official government. Bloomberg Businessweek reported on Tuesday that the group may have a "nexus to the Russian Federation," according to a report published earlier this year by security researchers CrowdStrike.
It does not appear that the hackers sought to inflict physical damage, "like blowing up an oil rig or power facility," The New York Times reported, citing Kevin Haley, the director of security response at Symantec. Instead, Haley said that the motive was more likely to learn about energy companies' operations, strategic plans and technology.
However, the potential for sabotage remains; it could also have dire consequences.
"For the first time we state explicitly that the cyber realm is covered by Article 5 of the Washington Treaty, the collective defence clause," Jamie Shea, deputy assistant security general for emerging security challenges, told ZDNet. "We don't say in exactly which circumstances or what the threshold of the attack has to be to trigger a collective NATO response and we don't say what that collective NATO response should be."
Instead, NATO would review such a cyber-attack on a case-by-case basis, but Shea added that NATO has established a principle that at a "certain level of intensity of damage, malicious intention, a cyber attack could be treated as the equivalent of an armed attack."