Categories: SecurityWorkspace

US Energy Firms Report Cyber Attacks

Amidst heightened concern about the digital safety of Western energy companies, a number of utilities suppliers in the US have reported cyber incidents over the last year.

The affected utilities were subsidiaries of ITC Holdings, Duke Energy and NRG Energy, according to a report in the Wall Street Journal. All had filed a report to the US Energy Department on suspected cyber attacks.

At the start of the week, Symantec released research detailing a widespread cyber campaign on a number of energy firms, claiming  the attackers could have used their control over their targets to cause “damage or disruption to energy supplies in affected countries.”

Dragonfly energy firm attacks

The so-called “Dragonfly” hackers, also known as Energetic Bear, largely went after businesses in the US, Spain, France, Italy, Germany, Turkey and Poland. They managed to compromise industrial control systems (ICS) used to control sections of power plants

It’s been suggested the group, which has been in operation since at least 2011, is based in Russia. It initially targeted defence and aviation companies in the US and Canada before it moved its crosshairs over to energy firms.

“Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process,” Symantec said in a blog post.

“Dragonfly has targeted multiple organisations in the energy sector over a long period of time. Its current main motive appears to be cyber espionage, with potential for sabotage a definite secondary capability.”

The US government has issued warnings about the activity of the group and the malware its using, known as Havex or the Energetic Bear RAT.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which is funded by the Department of Homeland Securty, noted the hackers were using phishing emails, redirects to compromised websites and trojanised update installers on at least three lCS vendor websites to infect companies with Havex.

“ICS-CERT strongly recommends that organizations check their network logs for activity associated with this campaign,” the body said in an advisory. “Any organisation experiencing activity related to this report should preserve available evidence for forensic analysis and future law enforcement purposes.”

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Generative AI Not Replacing UK Jobs, Study Finds

Study finds UK organisations broadly deploying generative AI to support existing jobs, but execs say…

3 hours ago

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

16 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

17 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

17 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

17 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

18 hours ago