Russian Hackers ‘Energetic Bear’ Group Sabotage Oil And Gas Companies - HotHardware

A group of Russian hackers known collectively as either "Energetic Bear" or "Dragonfly" is mounting sabotage operations against a number of power and oil companies primarily located in the U.S. and throughout parts of Europe. Among the group's targets are energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry equipment providers.

Security outfit Symantec says the group is well resourced with access to a wide range of malware tools capable of launching attacks in a variety of ways. They've been operating since at least 2011 and perhaps longer. Initial targets included defense and aviation companies in the U.S. and Canada before the hacking group turned its attention to U.S. and European energy firms early in 2013.


"[Dragonfly's] most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan," Symantec stated in a blog post. "This caused companies to install the malware when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers."

The hacking group has also used spam email campaigns and watering hole attacks to infect its targets. Its two most commonly used malware tools are Backdoor.Oldrea, which appears to be a custom bit of code written by or for the attackers, and Trojan.Karagany.

Symantec has a few detections in place that will protect customers, but it's also worth noting that "the Dragonfly group is technically adept and able to think strategically."


Any reason to put the screws to the consumers is a great excuse for these companies. Now we will have to guess which is caused by the hackers and which is deliberately caused by the companies. We all know who will get the blame now, don't we!


I've seen very few companies that are forthcoming either way. Security breaches make you look cheap and inattentive. Especially after the Target fiasco. Stupid contractor didn't want to pay for the real-time version of Malwarebytes...and in the hackers came through someone else's system.
