Yes, I am talking virtually the 'Dragonfly,' a well-resourced, Eastern European hacking grouping responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of publish energy companies inwards dissimilar countries inwards past times years.
In 2014, nosotros reported virtually the Dragonfly groups mightiness to mountain sabotage operations against their targets—mainly oil pipeline operators, electricity generation firms as well as other Industrial Control Systems (ICS) equipment providers for the publish energy sector.
Researchers from cyber safety theatre Symantec who discovered the previous drive is directly alert of a novel campaign, which they dubbed Dragonfly 2.0, maxim "the grouping directly potentially has the mightiness to sabotage or make command of these systems should it determine to create so" and has already gained unprecedented access to operational systems of Western publish energy firms.
Here are the major highlights of the grouping activities outlined inwards the new report from Symantec:
- The hacking grouping has been active since belatedly 2015 as well as reportedly using same tactics as well as tools that were used inwards before campaigns.
- The major objective of the Dragonfly 2.0 grouping is to collect intelligence as well as make access to the networks of the targeted organization, eventually making the grouping capable of mounting sabotage operations when required.
- Dragonfly 2.0 majorly targeting the critical publish energy sectors inwards the U.S., Turkey, as well as Switzerland.
- Like previous Dragonfly campaigns, the hackers are using malicious e-mail (containing rattling specific content related to the publish energy sector) attachments, watering hole attacks, as well as Trojanized software equally an initial assail vector to make access to a victim's network.
- The grouping is using a toolkit called Phishery (available on GitHub) to perform email-based attacks that host template injection assail to pocket victim's credentials.
- Malware drive involves multiple remote access Trojans masquerading equally Flash updates called, Backdoor.Goodor, Backdoor.Dorshel as well as Trojan.Karagany.B, allowing attackers to render remote access to the victim's machine.
However, Symantec researchers did non discovery whatsoever prove of the Dragonfly 2.0 grouping using whatsoever cipher twenty-four hours vulnerabilities. Instead, the hacking grouping strategically uses publically available direction tools similar PowerShell, PsExec, as well as Bitsadmin, making attribution to a greater extent than difficult.
"The Dragonfly 2.0 campaigns demo how the attackers may endure entering into a novel phase, alongside recent campaigns potentially providing them alongside access to operational systems, access that could endure used for to a greater extent than disruptive purposes inwards future," Symantec believes.Cyber attacks on publish energy grids are non a novel thing. Energy companies inwards Ukraine targeted past times hackers on 2 dissimilar occasions inwards late 2015 as well as late 2016, truly caused the mightiness outage across several regions inwards Ukraine, causing a blackout for tens of thousands of citizens some midnight.
Moreover, Nuclear facilities inwards the United States, including Wolf Creek Nuclear Operating Corporation, were targeted past times a well-known Russian grouping dorsum inwards July this year, simply luckily there's no proof if the hackers were able to make access to the operational systems or not.
Share This :
comment 0 Comments
more_vert