Beginning by targeting defense and aerospace companies in 2011, the online organization called Dragonfly has now changed its target to American and European energy companies. The cyberattackers, thought to be members of a government agency due to their high degree of technological prowess, wreak computerized havoc on industrial control systems (ICS) of petroleum pipelines as well as ICS all over the energy grid (including energy industry industrial equipment providers.)
The operation was multifaceted and well-funded. According to Symantec.com, "The group initially began sending malware in phishing emails to personnel in target firms. Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers."
Symantec was quick to offer solutions to protect computer systems from these attacks, which resemble the Stuxnet virus (aimed at the Iranian nuclear program, it was the first major malware ICS sabotage.) The goal of the recent attacks was further-reaching, intending to achieve a level of cyberespionage that could play a major role in sabotaging any of the infected systems.
No comments:
Post a Comment