Energy providers hacked through malicious software updates

Jeremy Kirk | July 1, 2014
Eastern European-based attackers gained access to the networks of energy providers by tampering with software updates for industrial control systems, gaining a foothold that could be used for sabotage, Symantec said Monday.

Based on timestamps showing when the malware was compiled, it appears the attackers worked 9 a.m. to 6 p.m. Monday through Friday shifts in a time zone that places them in Eastern Europe, Symantec said.

Security analysts have said that such regular working patterns often indicate that a country may be sponsoring or sanctioning such attacks.
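The working-hours inference described above can be sketched as a small script: score every UTC offset by how many compile timestamps fall inside a Monday-to-Friday, 9 a.m. to 6 p.m. window. This is an added example, not code from Symantec or the article; the sample timestamps and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed compile times (UTC), standing in for values read from a PE
# header's TimeDateStamp field. They are not indicators from any report.
SAMPLES_UTC = [
    datetime(2013, 3, 4, 6, 5, tzinfo=UTC),     # Monday
    datetime(2013, 3, 5, 7, 30, tzinfo=UTC),    # Tuesday
    datetime(2013, 3, 6, 9, 15, tzinfo=UTC),    # Wednesday
    datetime(2013, 3, 7, 11, 40, tzinfo=UTC),   # Thursday
    datetime(2013, 3, 8, 13, 20, tzinfo=UTC),   # Friday
    datetime(2013, 3, 11, 14, 55, tzinfo=UTC),  # Monday
    datetime(2013, 3, 9, 22, 0, tzinfo=UTC),    # Saturday night outlier
]


def in_office_hours(ts_utc, offset_hours, start=9, end=18):
    """True if the timestamp, shifted to the candidate offset, is a weekday
    between start (inclusive) and end (exclusive)."""
    local = ts_utc + timedelta(hours=offset_hours)
    return local.weekday() < 5 and start <= local.hour < end


def score_offsets(samples, offsets=range(-12, 15)):
    """Fraction of samples inside office hours for each whole-hour offset."""
    return {
        o: sum(in_office_hours(s, o) for s in samples) / len(samples)
        for o in offsets
    }


def best_offsets(samples):
    """Return every offset tied for the top score, plus that score.
    More than one winner means the data cannot separate those zones."""
    scores = score_offsets(samples)
    top = max(scores.values())
    return [o for o, v in scores.items() if v == top], top


if __name__ == "__main__":
    winners, top = best_offsets(SAMPLES_UTC)
    # Compile timestamps can be set arbitrarily by whoever builds the binary,
    # so this is a weak signal to weigh alongside other evidence.
    print(f"best UTC offset(s): {winners}, coverage {top:.0%}")
```

A narrow set of winning offsets only appears when the samples span the whole working day; a handful of timestamps clustered around midday will tie across many time zones.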

"Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability," Symantec wrote.

Tampering with software updates is perhaps the most clever of Dragonfly's attacks, but the group also used a variety of other methods to compromise individuals close to the companies they targeted.

Those methods included sending spam emails with malicious PDF attachments and so-called "watering hole" attacks, where spam emails with malicious links aim to lead people to websites that probe computers for software vulnerabilities.

Dragonfly employed two exploit kits, called "Lightsout" and "Hello," which are hacking platforms planted on legitimate websites that try to deliver malware to computers that visit the site, Symantec wrote.

 
