WASHINGTON – U.S. and European energy companies have become the target of a “Dragonfly” virus out of Eastern Europe that goes after energy grids, major electricity generation firms, petroleum pipelines operators and energy industrial equipment providers.
Unearthed by the cyber security firm Symantec, Dragonfly has been in operation since at least 2011. Its malware software allows its operators to not only monitor in real time, but also disrupt and even sabotage wind turbines, gas pipelines and power plants – all with the click of a computer mouse.
The attacks have disrupted industrial control system equipment providers by installing the malware during downloaded updates for computers running the ICS equipment.
According to Symantec, more than a thousand organizations in 84 countries were affected over an 18-month period.
Most of the targets were in the United States, Spain, France, Italy, Germany Turkey and Poland – all countries belonging to the North Atlantic Treaty Organization.
This has led some analysts to suggest the attacks were orchestrated by Russia, which seeks to build buffers between the Russian Federation and the NATO countries.
Given the time of day of the computer attacks – during work hours – and the targeting of strategic data, analysts believe the attacks were sanctioned by a government.
The attacks apparently are ongoing, as companies in the energy sector continue to sustain damage and disruptions to energy supplies in the most affected countries.
The Dragonfly group is said to have at its disposal a range of malware tools to disrupt computer systems, especially industrial control systems. Sources believe it operates similar to the Stuxnet malware that the United States and Israel had used against Iran’s nuclear program to disrupt the operation of its centrifuges that enrich uranium.
Full article: ‘Dragonfly’ virus strikes U.S. power plants (WND)