Posted on October 23, 2017 at 2:11 PM
The US Government issued a rare warning confirming that hackers have been infiltrating the networks of several firms in the energy, water and aviation industries.
The US Government has recently issued a warning that a group of sophisticated hackers has been targeting the networks of energy, water, aviation and other critical industrial firms since at least May this year.
The rare public warning, issued by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), reported that the attackers have used spear-phishing emails, watering-hole attacks and malicious websites to obtain login credentials for the targeted networks.
According to the report, the wide-ranging phishing campaign distinguishes two kinds of targets: staging targets and intended targets. The attackers usually pursue the “staging targets” first; these are third-party and peripheral organizations that have links to the intended networks but less strict security measures. Once a staging target has been compromised, the attackers use it as a “pivot point and malware repository” from which they attack the originally intended company.
In the report, the DHS confirmed that the attackers are attempting to obtain specific sensitive information about the targeted companies’ hardware, organizational designs and control system capabilities. This information would help the attackers infiltrate the targeted companies’ networks.
The report stated that the attackers have already compromised certain targeted networks, including that of an energy generator. After infiltrating a network, the hackers were able to conduct reconnaissance on the firm’s systems. The report did not name the affected companies.
According to the report, cyber threats have a well-known history of plaguing firms in the energy industry, with varying results, whether the aim is cyber espionage or the ability to disrupt the energy system in the event of a hostile conflict. The report confirmed that the DHS and FBI have identified victims in the sector.
The DHS stated that the latest threat operates as a multi-stage intrusion: it starts by targeting smaller networks with minimal security, which then allows the attackers to reach the larger networks of high-value asset owners in the energy industry. Based on malware analysis and the observed indicators of compromise (IOCs), the DHS confirmed that this threat is still active and that the attackers are currently pursuing all of their targeted networks in a long-term campaign.
Based on the analysis conducted by the DHS, the FBI and their partners, the idiosyncrasies of the attack have led them to believe that a group called Dragonfly might be behind it. Dragonfly was previously reported on by Symantec earlier this year. In September, security experts from Symantec stated that the energy sector in Europe and the US was being targeted by a wave of sophisticated cyber attacks launched by the group.
Symantec stated in September that the Dragonfly group seems primarily interested in obtaining knowledge of the targets’ operational systems in order to learn how to sabotage or hijack those systems, should it wish to do so.
Another security firm, CrowdStrike, stated that the threat could also be the work of a hacking group known as Berserk Bear. The group appears to be affiliated with the Russian Federation and has previously targeted energy, transportation and financial institutions. However, according to CrowdStrike, this group has not demonstrated any destructive action yet.