Sophisticated hackers have stepped up a cyber espionage campaign targeting U.S. and European energy companies, giving the attackers the ability to potentially cause blackouts whenever they want.
The attackers, a group called Dragonfly, have been conducting cyberattacks on energy companies for years – since at least 2011. The group went quiet after being exposed in 2014. The Dragonfly 2.0 campaign started by at least December 2015. But over the last year, using malicious email campaigns to harvest network credentials, the hackers managed to penetrate energy firms in the U.S., Switzerland and Turkey. According to a new report by Symantec, they now have the ability to “severely disrupt affected operations.”
Earlier Dragonfly campaigns are believed “to have been more of an exploratory phase,” but Symantec is concerned Dragonfly 2.0 campaigns could be aimed at “access to operational systems, access that could be used for more disruptive purposes in the future.” Put another way, “The group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”