Symantec releases analysis of cyber espionage group


July 08, 2014

A cyber espionage group is targeting industrial organisations in Europe and North America, compromising strategically important organisations for the purpose of spying.

According to security research organisation Symantec, the group is known as Dragonfly, and has been attacking energy grid operators, major generation firms and even pipeline operators. Targeted areas included the US, France, Turkey and Poland.

Dragonfly, also known previously as Energetic Bear, has been in operation since 2011 – with a possible start date extending even further back. The group is known to have attacked defence and aviation companies in North America before turning to energy firms early last year.

Researchers from Symantec outlined the attack process, specifically detailing the various methods deployed by Dragonfly.

"The group initially began sending malware in phishing emails to personnel in target firms. Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit," the researchers explained.

There could be more to the Dragonfly group, however, as Symantec believes it is possibly state-sponsored. This reasoning stems from the group's high technical capability and its ability to mount attacks through a number of vectors, also hitting third-party websites in the process.

While no definitive location of the attackers is known, Eastern Europe has been highlighted as a main contender.

The best defence against hacking groups such as Dragonfly is often to deploy ethical hacking measures internally within the company, in order to identify possible avenues of outside attack.

When carried out correctly and regularly, preventative measures can save a company from both the reputational and the financial damage likely to stem from a security breach.
