Thursday, July 10, 2014

Cyber Espionage Campaign Hits Energy Companies

Over the past couple of weeks, cybersecurity vendors have announced the uncovering of a successful cyber espionage campaign carried out by the Dragonfly hacking group. In the most recent string of attacks, Dragonfly (also referred to by the name Energetic Bear) has targeted multiple US and European energy companies, successfully looting valuable process information in what appears to be the next step in the cyber warfare campaign against critical infrastructure organizations, after Stuxnet in 2010. Cybersecurity vendors have scrutinized the campaign and presented an analysis of the malware employed by Dragonfly to steal information from the infected computers.

Yesterday, a short paper I co-authored with Security Matters was released. This short paper revisits the main points of this investigation, including additional details on the specific components of the campaign that target industrial control systems. This paper also illustrates why the implementation of a defense-in-depth (DiD) strategy is key to successfully countering cyberthreats like Dragonfly. One of the key aspects of improved DiD is improving situational awareness within industrial architectures. SilentDefense ICS is one key element in the overall process of gaining insight into your ICS architectures, allowing early detection and rapid mitigation of cyber threats.

A complete copy of the paper is available by clicking here.

I am currently actively engaged in research of the campaign and the malware employed. In the coming weeks, I will also be releasing another paper that will discuss in detail the overall campaign, how the various pieces of the attack are being deployed, and how they are being used against companies relating to industrial automation and control. Stay tuned to SCADAhacker.com and follow my Twitter feed for additional release details.

Tuesday, July 1, 2014

DragonFly/Havex Resource Page Now Available on SCADAhacker.com

Today, I am happy to announce the launch of a new page on SCADAhacker.com devoted to providing timely and relevant information relating to the Dragonfly/Havex campaign. Like the resource pages developed in the past for Stuxnet and Duqu, this page will provide a one-stop location for key resources pertaining to the industrial control systems targeted in this campaign, including Technical Reports, White Papers, ICS-CERT Advisories and Alerts, Press Reports, and other pertinent information.

The site will also include a dynamic Twitter feed tracking related posts utilizing hashtags #havex, #dragonfly, and #energeticbear.

If there is anything that you find that could be of use to the general community, please feel free to share this by sending me an email.

Dragonfly/Havex Resource Page on SCADAhacker.com