Russian-Born Malware Attacking Power Plants in United States, Europe

This article is over 10 years old and may contain outdated information
[Image: Energetic Bear attack chart]

Malware from the group “Energetic Bear” has been attacking utilities in the US and Europe for 18 months.

It’s all fun and games when Stuxnet is wreaking havoc on Iranian nuclear power facilities, but the jokes quickly dissolve when American and European utilities come under similar attack.

Symantec published a report today on Dragonfly, a group also known by the name Energetic Bear. This group is behind a wave of malware attacks on utility companies in Europe and the United States over the last 18 months, with most of the affected systems being in Spain, France, Italy, Germany, Turkey, Poland, and the U.S.

“Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers,” said Symantec on its Security Response blog.

Symantec goes on to accuse Russia of the nefarious deeds in every indirect way possible:

Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.

Analysis of the compilation timestamps on the malware used by the attackers indicates that the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone. Based on this information, it is likely the attackers are based in Eastern Europe.

State-sponsored cyberattacks aren’t new threats by any means. Stuxnet was likely a collaboration between the U.S. and Israel to keep Iran’s nuclear programs (weaponized or not) crippled, while Chinese hackers have been targeting U.S. systems for years.

Symantec contacted those impacted by the malware prior to the blog publication, so hopefully the repair process is quick and largely painless.
