Gone are the days when cyber criminals targeted only computer systems to spread malware. Hacking and taking down computer systems has, it seems, become too mainstream for hacking groups. Nowadays, organizations in the energy sector have become an interesting target for cyber criminals.
The Eastern European hacking group ‘Dragonfly’ is back, infiltrating European and US power facilities. Dragonfly has been active since at least 2011. Since 2013, it has been using phishing sites and Trojans to target organizations in the energy sector in the US and several other countries. Back in 2014, this well-resourced group of hackers targeted 1000 Western energy firms. To gain access to computer systems, Dragonfly used different techniques to infect industrial software with a Remote Access Trojan (RAT), including attaching malware to emails, websites and third-party programs.
Now, the Russian group of hackers has started another campaign, dubbed ‘Dragonfly 2.0’. The cyber security firm Symantec, which discovered the previous campaign, has warned again, this time about the new campaign. Symantec claimed that it has evidence indicating that the Dragonfly 2.0 campaign has been underway since at least December 2015 and has identified a distinct increase in activity in 2017. Symantec mentioned, “As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software.”
The primary goal of this group of hackers is espionage. But Symantec has an inkling of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries.