Monday July 14, 2014
Written by: Captain Planet
The group most recently known as Energetic Bear, previously called Dragonfly, are using malware to infiltrate the industrial control systems of Western energy companies. Over recent months they have targeted petroleum pipeline operators, grid operators, major electricity generation firms and other strategically important energy companies.
Security firm Symantec believe that the Russian government may be backing Dragonfly, explaining “Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability.”
Attacking Monday to Friday between the hours of 9am and 6pm, Dragonfly is thought to have compromised more than 1,000 companies’ computer systems to spy on them – they have not yet attempted sabotage. If they were to, they could cause serious disruption to energy supplies.
The attacks have gone on for 18 months; in the worst cases, remote-access Trojans were installed on numerous industrial control systems. Dragonfly seem to be using similar tactics to those used in the Stuxnet attacks, which are believed to have infiltrated Iran’s uranium enrichment facility. It is believed the US was behind the 2010 attacks, which temporarily disabled 1,000 centrifuges that Iran was using to enrich uranium.
It is believed that Dragonfly infect the energy companies using traps set on ‘watering hole’ sites: sites that the targeted company trusts and is therefore likely to visit. This form of cyber-attack is associated with espionage.
Dragonfly have been known to be operating since 2011, when they were targeting defence and aviation companies in the US and Canada. In 2013 they began to attack US and European energy firms, receiving the newer name of Energetic Bear.
Pie chart: Countries that have been affected by Energetic Bear’s attacks
Although there is, of course, a future risk of sabotage, so far it seems that the malware is being used to spy, rather than sabotage. The Russian government aren’t strangers to cyber spying, with FAPSI (Russia’s Federal Agency of Governmental Communications and Information) being the equivalent of America’s National Security Agency.