Hacker attacks on critical infrastructure run the gamut from phishing emails designed to trick users into opening attachments, to fake Flash updates that end up installing trojan backdoors.
However, malicious email campaigns have now been used to gain entry into organizations in the United States, Turkey, and Switzerland, and likely other countries as well, Symantec said in a report published on Wednesday.
The attacks have been serious enough that according to Wired, the intruders gained hands-on access to power grid operations—enough control that they could have induced blackouts on American soil whenever they pleased. The new campaign of attacks has been associated with a group calling themselves Dragonfly 2.0.
The group targeted dozens of companies in the spring and summer of this year and in over 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. Additionally, at a handful of companies in the U.S. and at least one in Turkey, a forensic analysis found the hackers had gained “operational access.”
This means the hackers gained control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into homes and businesses.
“Much of this activity was undetected by the security industry and is highly targeted,” Jon Dimaggio, senior threat intelligence analyst at Symantec, told eWEEK. “Once we identified the activity and began to look into what was going on, we realized this was a major operation targeting the energy industry.”
“We are working with victims to identify and mitigate the recent Dragonfly attacks; however, since these are true victims of a major cyber attack, we cannot provide details down to that level,” Dimaggio said.
“However, I will say that we have not seen any major impact to operations and hopefully this information being released publicly will prevent vital ICS systems from being damaged or altered.”
The biggest concern is that these cyber-attacks could be used for destructive purposes in the event of a major geopolitical conflict. Based on an alert seen by Reuters, in June the U.S. government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors using phishing emails.
Symantec did not name any country in particular as being responsible for the hacking attacks, but did note that the attackers used code strings written in Russian, while other code strings were in French. Symantec believes this was done to make it more difficult to identify where the attacks originated.
