A Russia-linked cyber-espionage group has hacked into the controls of electricity distribution networks in the US and Europe, raising the risk of malicious, remotely-caused blackouts, computer security firm Symantec said.
Symantec said the group, dubbed Dragonfly 2.0, gained access to the operational systems in a number of energy operations in the United States, Turkey and Switzerland,
“to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”
Symantec did not link Dragonfly 2.0, which has been around for several years, to any specific country. But other cyber security analysts and the US government say Dragonfly, also dubbed Energetic Bear, has Russian roots and links to the Russian government.
It said Dragonfly 2.0 had been known to target Western infrastructure in recent years, attempting to access computer systems to install its own backdoor entryways through phishing ruses.
But in the past year it has become “highly focused” on energy systems, Symantec said, and its hacking attempts accelerated in the first half of this year.
“This is clearly an accomplished attack group,” Symantec said.
“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”