Power stations under attack from long-running hacking campaign

Dragonfly threat group is ramping up activities, say researchers

Energy companies in the US and Europe are being targeted by an increasingly intense campaign of cyber attacks, security researchers have warned.

According to security firm Symantec, power companies in the US, Turkey and Switzerland have been targeted by a group of highly sophisticated hackers, which has been operating since at least 2011.

The group, which researchers have dubbed 'Dragonfly', has been attempting to gather intelligence and gain operational control of systems in energy facilities for an unknown purpose.

"The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations," Symantec said.

Advertisement - Article continues below
Advertisement - Article continues below

"The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future."

Dragonfly's targeting of power companies raises echoes of attacks against the Ukrainian energy grid which plunged parts of the country into darkness in 2015 and 2016. However, researchers have not identified any concrete links between those incidents and attacks carried out by Dragonfly, and warned against jumping to conclusions regarding attribution.

The group mostly used popular 'off-the-shelf' malware and widely-available administration tools to carry out attacks, which Symantec theorised could be part of a strategy to thwart attribution attempts.

Researchers also noted what while parts of the malware used by the group were written in Russian, other parts were written in French another potential false flag to throw investigators off the scent.

"Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it," Symantec said.

"What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information, and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data breaches

Misconfigured security command exposes 250 million Microsoft customer records

23 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020

Windows 10 and the tools for agile working

20 Jan 2020