An organized group of hackers has invaded energy companies in Europe and the United States. Thatwrites security Symantec. In some cases, they would be successful in key systems, and could check important operations. The group would be able to take over and sabotage systems.
The hackers managed to penetrate the companies through a phishing email campaign that initially aimed to collect passwords and other data. Energy companies in the United States, Turkey and Switzerland are in any case affected, but probably the hackers also hit other countries. It is not clear whether Belgium is in it.
The attacks began at the end of 2015 and would have increased especially in April this year. Symantec writes the attack to the shy group Dragonfly. It has been active since 2011. It is not known who is behind Dragonfly, but according to Symantec, the group has a lot of knowledge and resources. Probably the hackers are backed by a state, possibly somewhere in the east of Europe. The group is also known as the Energetic Bear and Crouching Yeti.
The cyberspionage reminds us of cyber attacks that were received in Ukraine over the past year. Hackers, operating under the name Sandworm, managed to lame electricity for the capital of Kiev for several hours. That attack was then linked to Russia. Symantec therefore expresses the concern that these hackers keep open the opportunity to sabotage energy companies at a strategic moment.
‘No reason for panic’
Others speak against it. Robert M. Lee of security company Dragos, who investigated cyber attacks in Ukraine, interrogated in an interview with Reuters, inter alia, the link with Dragonfly in doubt. He also says that these hackers still “far away from the ability to turn off the lights”. According to him, panic is not required immediately.