Hacking campaign has targeted US energy sector

• 6 years ago (2017-09-07)
• David Flin

Distribution 107 Transmission 181

---

A report released by the computer software protection company Symantec has said that hackers have been implanting malware in the international energy sector, including the USA, in a campaign dating back to 2015.

Symantec identified the new campaign, which displayed a rapid increase in activity in 2017. It has called this series of attacks “Dragonfly 2.0”, due to an apparent connection to a group Symantec calls Dragonfly. The group is also called Energetic Bear. Energetic Bear/Dragonfly is a well-known energy sector hacking group.

According to the report, the new campaign focuses on US, Swiss, and Turkish networks, with traces of activity seen in other countries. Energy sector employees appear to have inadvertently infected their networks by visiting malware-laced websites, through phishing attacks, and by being offered fake updates for Adobe’s Flash multimedia player.

Eric Chien, Technical Director of Symantec’s security technology and response division, said that the attacks were primarily directed at companies involved in power generation, transmission, and distribution.

Chien warned that the attacks harvested credentials, so fixing the problem required more than eliminating the malware from the system. Instead, he said, anyone with access to those networks might need to change usernames and passwords.