Thursday, July 10, 2014

Cyber Espionage Campaign Hits Energy Companies

Over the past couple of weeks, cybersecurity vendors have announced the uncovering of a successful cyber espionage campaign carried out by the Dragonfly hacking group. In the most recent string of attacks, Dragonfly (also referred to by the name Energetic Bear) has targeted multiple US and European energy companies, successfully looting valuable process information in what appears to be the next step in the cyber warfare campaign against critical infrastructure organizations, after Stuxnet in 2010. Cybersecurity vendors have scrutinized the campaign and presented an analysis of the malware employed by Dragonfly to steal information from the infected computers.

Yesterday, a short paper I co-authored with Security Matters was released. This short paper revisits the main points of this investigation, including additional details on the specifics of the components of the campaign that exploit industrial control systems. This paper also illustrates why the implementation of a defense-in-depth (DiD) strategy is key to successfully countering cyberthreats like Dragonfly. One of the key aspects of improved DiD involves improving situation awareness within industrial architectures. SilentDefense ICS is one key element in the overall process of gaining insight into your ICS architectures, allowing early detection and rapid mitigation of cyber threats.

A complete copy of the paper is available by clicking here.

I am currently actively engaged in research of the campaign and the malware employed. In the coming weeks, I will also be releasing another paper that will discuss in detail the overall campaign, how the various pieces of the attack are being deployed, and how they are being used against companies relating to industrial automation and control. Stay tuned to SCADAhacker.com and watch my Twitter feed for additional release details.

9 comments:

  1. I've always wondered how remotes for electronic devices worked. Now I know, or rather I know the word for it. I just started learning to code and things in the electronic world.
    Feruccio
    http://www.kpsm.com.au/

  2. Thanks Joel, best of luck with the ongoing research and looking forward to the follow-up paper.

    - Josh | Aqua Sierra
    http://aquasierra.com/

  3. I get a lot of great information from this blog. Thanks for sharing this valuable information to our vision. You have posted a trustworthy blog; keep sharing.
    best Ethical Hacking Course

  4. It’s my first time to visit this site & I’m really surprised to see such impressive stuff out there.
    Anne Deschiek

  5. So... forgive my layman's understanding, was this attack actually used on SCADA/Control PLCs? Or just phishing?

  6. Awesome post you made. It has gone viral on the internet. Thanks for providing such helpful stuff online.
    Plastic Pressure Gauge

  7. Paris airport transfer - Parisairportransfer is very common in Paris that provides facilities to both the businessmen and the tourists. We provide airport transfers from London to any airport in London and also cruise transfer services at very affordable price to our valuable clients.

  8. Thanks, you wrote awesome, I knew lots of things from your article. It's really helpful for any readers.
    Battery Operated Flow Meter
