Symantec, the company that makes Norton Anti-Virus software, announced some very scary news yesterday about the security of the energy sector. The company said that a hacker group is targeting the worldwide energy industry, and the U.S. is a main target.
The hacker group is called Dragonfly and it's using malware to access and control computers at energy companies in the U.S. and Europe. Its two main malware tools are Backdoor.Oldrea and Trojan.Karagany.
Big companies aren't the only ones at risk. Malware attacks are on the rise across the board.
Karagany is capable of uploading stolen data, downloading new files, and running executable files on an infected computer. It is also capable of running additional plugins, such as tools for collecting passwords, taking screenshots, and cataloging documents on infected computers.
Right now, it seems like the group is using its access for spying purposes, but it could cause actual damage to energy supplies and delivery if it wanted to.
It is even scarier to hear that Symantec thinks the hacker group is state-sponsored because of its level of expertise. The group even seems to work between 9 a.m. and 6 p.m. in an Eastern European time zone, like it's just an everyday job.
The Dragonfly group is well resourced, with a range of malware tools at its disposal, and is capable of launching attacks through a number of different vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment.