Dragonfly,the group of Eastern European hackers,
responsible for sophisticated cyber-espionage campaigns against
the energy infrastructures of different countries since 2011, has once again
acted recently with the same objective through a campaign called
Dragonfly 2.0.
Cybersecurity researchers at Symantec were the
ones who discovered Dragonfly 2.0, saying on the topic that “the
the group now potentially has the ability to sabotage or take control
of those systems”, being able to have unprecedented access to
the operational systems belonging to energy companies.
According to Symantec, the main types of attacks used were emails with
ficheros maliciosos adjuntados o troyanos que les permitieron tener acceso a
las redes informáticas de las víctimas.
The
grupo ha usado un conjunto de herramientas llamado Phishery para llevar ataques
basados en email, los troyanos eran enmascarados como actualizaciones de Flash,
las cuales han recibido nombres como Backdoor.Goodor, Backdoor.Dorshel y
Trojan.Karagany.B y permitían a los atacantes obtener acceso remoto al
ordenador de la víctima.
El grupo de hackers Dragonfly llevó a cabo en diciembre de
2015 un ataque contra un centro de distribución de energía en Ucrania que dejó
sin electricidad a 225.000 personas durante seis horas. Aquella fue la primera
vez que un ataque hacker impactaba de forma directa en las infraestructuras
energéticas de un país. Later, en Alemania, a Trojan was discovered in
a nuclear power plant that had been present 8 for years on one of its computers.
Mixing cyber attacks and certain types of power plants sounds like
a terrifying combination, being a topic that should be
considered a matter of state security by governments.