Bloomberg News

Russian Hackers Threaten Power Companies, Researchers Say

July 01, 2014

Data from a graph at an operations center in Portland, Oregon. Photographer: Natalie Behring/Bloomberg

A Russian group of hackers known as “Energetic Bear” is attacking energy companies in the U.S. and Europe and may be capable of disrupting power supplies, cybersecurity researchers said.

The hackers, also called “Dragonfly,” appear to have the resources, size and organization that suggest government involvement, security company Symantec Corp. said in a blog post yesterday. The attackers are targeting grid operators, petroleum pipeline operators, electricity generation firms and other “strategically important” energy companies, it said.

The group’s activities highlight the increasing reach of cyberattacks as ever-larger parts of the economy become connected and controlled via the Web. They may also be symptomatic of governments using hacking to support political strategies. More than half of the infections found were in the U.S. and Spain, Symantec said, while Serbia, Greece, Romania, Poland, Turkey, Germany, Italy and France were also targeted.

The hackers, who have been active since at least 2011, appeared to work a standard week, operating 9 a.m. to 6 p.m., Monday through Friday, in a time zone shared by Russia and other eastern European countries, Symantec said.

The group has a “nexus to the Russian Federation,” according to a report published in January by Irvine, California-based CrowdStrike, which focuses on identifying web “adversaries.” The hackers also targeted academics globally, European governments, defense contractors and U.S. health-care providers, it said. Helsinki-based security firm F-Secure Oyj noticed the group’s focus shifting to industrial control systems earlier this year, according to a June 23 blog post.

State Question

It’s unclear whether a state is directly involved or if the group is trying to sell to a government, Eric Chien, chief researcher at Symantec’s Security Technology and Response Team, said in an interview.

“The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors,” Symantec said. “These infections not only gave attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations.”

“When they do have that type of access, that motivation wouldn’t be for espionage,” Chien said. “When we look at where they’re at, we’re very concerned about sabotage.”

Symantec started actively monitoring Dragonfly’s activities in 2012, when the attacks only looked like espionage, Chien said. Some of the group’s malware infiltrates remote access software used by energy companies, giving attackers the same privileges as an industrial control system.

Siemens Software

Cyber-spies are targeting utility companies all over the world. Dragonfly’s tactics are similar to those of Stuxnet, a computer virus that was found to target Iranian nuclear facilities in 2010, Symantec said. That malware targeted software made by Siemens AG, among others.

The FBI discovered a Chinese hacker, called UglyGorilla, seeking access to parts of a U.S. utility company’s systems that would let him cut off heat or damage pipelines. He and others working for the Chinese People’s Liberation Army were indicted by a U.S. grand jury in May for computer fraud and economic espionage.

Other incursions have spurred a debate in the Obama administration over whether and how to respond, and raised alarms among lawmakers briefed on the incidents.

“The worst-case scenario would be that the systems get shut down,” Chien said. “You could see the power go out, for example, and there could be disruption in that sense.”

To contact the reporters on this story: Amy Thomson in London at athomson6@bloomberg.net; Cornelius Rahn in Berlin at crahn2@bloomberg.net

To contact the editors responsible for this story: Kenneth Wong at kwong11@bloomberg.net; Pui-Wing Tam at ptam13@bloomberg.net; Mark Beech

