The group of Russian hackers going by the names “Energetic Bear” as well as “Dragonfly” are systematically attacking the systems of grid operators, petroleum pipelines, electricity generating firms, and other energy companies across Europe and the States.
Russian hackers: Well organized and state-sponsored?
They are well organized and unlike hackers depicted in film that sit in dark basements and work all night, this group appears to work regular hours, almost banking hours, in a time zone shared with Russia which suggests possible government complicity. Over half the attacks that Symantec found occurred in the United States and Spain, but Germany, Italy, France and other countries were also targeted.
Q4 Letter: Hawk Ridge Generated Alpha On Both The Longs And Shorts [In-Depth]
Hawk Ridge was up 19.4% net for 2020, compared to the Russell 2000's 19.9% return and the HFRI Equity Hedge Total Index's 17.4% gain. The fund had ones of its best years ever in terms of alpha generation as it generated almost 12% compared to a beta-adjusted Russell 2000. Hawk Ridge generated strong alpha on Read More
When Symantec began looking into the group, they were concerned about espionage as the primary motivation for the group. That has subsequently shifted to a concern over the groups ability to sabotage power providers in recent years.
Russian hackers: Sabotage versus espionage
“The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors,” Symantec said. “These infections not only gave attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations.”
“When they do have that type of access, that motivation wouldn’t be for espionage,” said Eric Chien, chief researcher at Symantec’s Security Technology and Response Team. “When we look at where they’re at, we’re very concerned about sabotage.”
“The worst-case scenario would be that the systems get shut down,” Chien said. “You could see the power go out, for example, and there could be disruption in that sense.”
That last statement was made after Chien compared the attacks to that of the Stuxnet attacks of Iranian nuclear facilities in 2010 that targeted software made by Siemens AG with the intent of throwing centrifuges offline.
Computer attacks have picked up in recent years and there is little doubt of countries actively supporting these groups if not running them themselves. China has been the biggest concern but clearly the international community can’t concentrate on that one country.