- Security firm Symantec warned that a group of hackers has targeted the power sector in Europe and the United States, potentially gaining operational access.
- The group, identified as Dragonfly 2.0, has operated since 2011. But Symantec reported an uptick in their activity in 2015, and noted it targeted dozens of energy companies in the spring and summer of this year. The attackers use malicious emails, watering hole attacks and Trojanized software to gain access to networks.
- The firm stopped short of identifying where the attackers originated from, noting some code strings were in Russian as well as French. Symantec told Wired that it sent warnings about the group to the North American Electric Reliability Corporation (NERC) and the Department of Homeland Security.
Cybersecurity is at the forefront of grid security discussions, and the latest report from Symantec underscores the severity of the threat. In Utility Dive's latest sector survey of more than 600 utility professionals, respondents named physical and cybersecurity the most pressing issue facing their companies today.
Wired noted a handful of U.S. power companies were targeted, but Symantec did not reveal the victims. A Symantec security analyst told the outlet that the only comparable situation to Dragonfly's methods would be the 2015 Ukraine attacks.
In December 2015, a series of cyberattacks sparked widespread blackouts in Ukraine. The attackers, identified as Sandworm and believed to be based in Russia, gained access to a Ukrainian energy utility's controls and managed to manually operate dozens of circuit breakers to turn off the power, Wired reported.
It's unclear if Dragonfly has attained that level of penetration, but Symantec said they appear to have the ability to potentially sabotage or gain control of these systems. Dragonfly was named in a joint analysis published by the DHS and the Federal Bureau of Investigation last year on Russian-based hacking operations.
Media reports surfaced earlier this year over potential cyberattacks aimed at the European grid and the U.S. grid, in addition to nuclear facilities. E&E News revealed in June that U.S. officials were investigating multiple cyberattacks that unsuccessfully targeted nuclear plants.
According to a report from Lloyd's of London, a cyberattack on the U.S. grid could cost $1 trillion.
The North American Electric Reliability Corporation in 2015 ran a simulated attack on the U.S. grid. The industry and government partnered to determine how to improve responses in the event of an actual attack. And in 2016, researchers at the DOE's Idaho National Laboratory demanded new awareness for grid security as the rollout of smart grid technology raised the risk of cyberattacks.
President Donald Trump also named cybersecurity a priority, issuing an executive order outlining a series of actions for federal agencies to strengthen protections for national cybersecurity, federal IT networks and critical infrastructure, including the power grid.