The group of Russian hackers going by the names “Energetic Bear” as well as “Dragonfly” are systematically attacking the systems of grid operators, petroleum pipelines, electricity generating firms, and other energy companies across Europe and the States.
Russian hackers: Well organized and state-sponsored?
They are well organized and unlike hackers depicted in film that sit in dark basements and work all night, this group appears to work regular hours, almost banking hours, in a time zone shared with Russia which suggests possible government complicity. Over half the attacks that Symantec found occurred in the United States and Spain, but Germany, Italy, France and other countries were also targeted.
Incredible Tax Breaks: How Economic Opportunity Zones Work (Special Report)
This is the first part of a multi-part series on Economic Opportunity Zones. The tax-efficient zones were brought in as part of the Tax Cuts and Jobs Act of 2017 to try and stimulate economic activity in underdeveloped regions. Q2 2020 hedge fund letters, conferences and more The following articles will cover the benefits Read More
When Symantec began looking into the group, they were concerned about espionage as the primary motivation for the group. That has subsequently shifted to a concern over the groups ability to sabotage power providers in recent years.
Russian hackers: Sabotage versus espionage
“The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors,” Symantec said. “These infections not only gave attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations.”
“When they do have that type of access, that motivation wouldn’t be for espionage,” said Eric Chien, chief researcher at Symantec’s Security Technology and Response Team. “When we look at where they’re at, we’re very concerned about sabotage.”
“The worst-case scenario would be that the systems get shut down,” Chien said. “You could see the power go out, for example, and there could be disruption in that sense.”
That last statement was made after Chien compared the attacks to that of the Stuxnet attacks of Iranian nuclear facilities in 2010 that targeted software made by Siemens AG with the intent of throwing centrifuges offline.
Computer attacks have picked up in recent years and there is little doubt of countries actively supporting these groups if not running them themselves. China has been the biggest concern but clearly the international community can’t concentrate on that one country.