A host of European energy companies have been spied on by a cyber gang – leaving them open to sabotage, security experts revealed this week.
The group which is dubbed Dragonfly or Energetic Bear ran the attacks from February to September 2013.
They targeted energy grid operators, major electricity generation firms, petroleum pipeline operators and energy-related industrial equipment providers.
Most victims were in the US, Spain, France, Italy, Germany, Turkey and Poland, said online security firm Symantec in a blog on Monday.
“Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability,” wrote the company, assessing its current motive as “cyberespionage”.
The experts who have notified the companies and national authorities believe it is likely the attackers are based in Eastern Europe.
Attackers began by sending malware in “phishing” emails to people in targeted energy firms, with Symantec experts noting emails which seemed to be about office admin and containing PDFs.
They also laid traps on hacked websites likely to be visited by people working in energy, redirecting them to sites which then deliver malware to a victim’s computer.
A third prong of attack was what the Symantec experts described as “Trojanising of legitimate software” from three industrial control system (ICS) equipment manufacturers.
The episode calls to mind a similar online attack on Iran’s nuclear energy programme in 2009, while security firms have recently warned of the cyber dangers faced by energy firms.