Active malware operation let attackers sabotage US energy industry

Symantec

Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.

Called Dragonfly, the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a research report published Monday by Symantec. One of the RATs, called Havex, was spread by hacking the websites of companies selling software used in industrial control systems (ICS) and waiting for companies in the energy and manufacturing industries to install booby-trapped versions of the legitimate apps.

"This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems," the Symantec report stated. "While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."

Read 5 remaining paragraphs | Comments