Over the past couple of weeks, cybersecurity vendors have announced the uncovering of a successful cyber espionage campaign carried out by the Dragonfy hacking group. In the most recent string of attacks, Dragonfly (also referred to by the name Energetic Bear) has targeted multiple US and European energy companies, successfully looting valuable process information in what appears to be the next step in the cyber warfare campaign against critical infrastructure organizations, after Stuxnet in 2010. Cybersecurity vendors have scrutinized the campaign and presented an analysis of the malware employed by Dragonfy to steal information from the infected computers.
Yesterday, a short paper I co-authored with Security Matters was released. This short paper revisits the main points of this investigation, including additional details into the specifics of the components of the campaign that exploit industrial control systems. This paper also illustrates why the implementation of a defense-in-depth (DiD) strategy is key to successfully counter cyberthreats like Dragonfly. One of the key aspects of improved DiD involves improving situation awareness within industrial architectures. SilentDefense ICS is one key element in the overall process of gaining insight into your ICS architectures allowing early detection and rapid mitigation of cyber threats.
A complete copy of the paper is available by clicking here.
I am currently actively engaged in research of the campaign and the malware employed. In the coming weeks, I will also be releasing another paper that will discuss in details the overall campaign, how the various pieces of the attack are being deployed, and how they are being used against companies relating to industrial automation and control. Stay tuned to SCADAhacker.com and follow watch my Twitter feed for additional release details.