Symantec on Wednesday warned of a resurgence by a cyber espionage group that’s apparently interested in learning how energy facilities operate.
The hackers, known collectively as Dragonfly, now potentially have the ability to sabotage or gain control of key energy facility operational systems.
It is believed that the group has been in operation since at least 2011. Symantec and a few other researchers in 2014 exposed some of the group’s activities, forcing it into a “quiet period.”
The security company revealed in a new blog post, however, that it now has evidence that the Dragonfly 2.0 campaign – which shares tactics and tools used in earlier efforts – has been underway since at least December 2015.
“Strong” signs of activity have surfaced in the US, Turkey and Switzerland, as have “traces” of activity in organizations outside of these countries. The group appears to be utilizing common infection vectors including malicious e-mail, Trojanized software and watering hole attacks (compromising websites that are likely to be visited by people involved in a particular sector) to gain access to target networks.
Security experts for years have warned that the power grid and other public utilities are vulnerable to hackers. We’ve become so dependent on modern amenities like electricity that a sudden, sustained disruption would be devastating and leave the country as a whole even more vulnerable to attack.