Tuesday, October 24, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Apple, Samsung Heading to Court Again
Apple Praises TSMC's Investments, Says iPhones Will be AI an Platform
ARM Boosts IoT Security With Platform Security Architecture
Kaspersky Lab Seeks To Restore Reliability By Opening Software to Review
Pay with Google Speeds Up Checkout
Tesla Said to Set up China Plant
ASUS VivoBook E203 Windows 10 S Laptop Now Available for $229
Sony Releases 7.42 Effective Megapixel Stacked CMOS Image Sensor for Automotive Cameras
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Western...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, September 06, 2017
Western Energy Sector Targeted by Dragonfly Cyber Espionage Group


The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations, according to Symantec.

The group behind these attacks is known as Dragonfly. It has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. This "Dragonfly 2.0" campaign, which appears to have begun in late 2015, shares tactics and tools used in earlier campaigns by the group, Symantec researchers say.

Most notably, disruptions to Ukraine's power system in 2015 and 2016 were attributed to a cyber attack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the U.S. being compromised by hackers.

The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.

Symantec says its customers are protected against the activities of the Dragonfly group.

Dragonfly 2.0

Symantec has evidence indicating that the Dragonfly 2.0 campaign has been underway since at least December 2015 and has identified a distinct increase in activity in 2017.

The security firm has indications of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries. The U.S. and Turkey were also among the countries targeted by Dragonfly in its earlier campaign, though the focus on organizations in Turkey does appear to have increased dramatically in this more recent campaign.

Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim's network, including malicious emails, watering hole attacks, and Trojanized software.

The earliest activity identified by Symantec in this renewed campaign was a malicious email campaign that sent emails disguised as an invitation to a New Year's Eve party to targets in the energy sector in December 2015.

The group conducted further targeted malicious email campaigns during 2016 and into 2017. The emails contained very specific content related to the energy sector, as well as some related to general business concerns. Once opened, the attached malicious document would attempt to leak victims' network credentials to a server outside of the targeted organization.

As well as sending malicious emails, the attackers also used watering hole attacks to harvest network credentials, by compromising websites that were likely to be visited by those involved in the energy sector.

The stolen credentials were then used in follow-up attacks against the target organizations. In one instance, after a victim visited one of the compromised servers, Backdoor.Goodor was installed on their machine via PowerShell 11 days later. Backdoor.Goodor provides the attackers with remote access to the victim's machine.

Symantec also has evidence to suggest that files masquerading as Flash updates may be used to install malicious backdoors onto target networks - perhaps by using social engineering to convince a victim they needed to download an update for their Flash player.

Typically, the attackers will install one or two backdoors onto victim computers to give them remote access and allow them to install additional tools if necessary.



Previous
Next
T-Mobile to Offer Free Netflix Plan        All News        U.S. House Approves Self-driving Car Rule to Accelerate Tests
IBM and MIT to Establish MIT-IBM Watson AI Lab     General Computing News      U.S. House Approves Self-driving Car Rule to Accelerate Tests

Get RSS feed Easy Print E-Mail this Message

Related News
Symantec Points at North Korean Hackers in Ransomware Attacks
Symantec to Buy LifeLock for $2.3 Billion to Form Digital Safety Platform
Symantec Announces $4.7 billion Acquisition Of Blue Coat and Strengthen Its Enterprise Cybersecurity Offerings
Symantec to Offload Veritas
Symantec To Sell Veritas Storage Unit: report
Symantec to Pay $17 mln For Patent Infringement
Symantec to Separate into Two Technology Companies
China To bar Symantec, Kaspersky Anti-virus: report
Symantec Says Antivirus Software Is Dead, Focuses On Zero-day Attacks
Stuxnet Roots Found Back in 2005
Microsoft and Symantec Take Down Bamital Botnet
Symantec Releases Enterprise Security Software For Mobiles

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .