Russian hackers have been targeting hundreds of Western oil and gas companies and energy investment firms, cybersecurity researchers said.
The attacks give hackers the opportunity to seize control of industrial operating systems from abroad, similar to the way the U.S. and Israel gained access in 2009 to an Iranian nuclear facility’s computer systems and destroyed one-fifth of the country’s uranium supply.
Since March, one Russian hacker group has targeted U.S. and Canadian defense contractors, electricity companies, oil pipeline operators and the energy grid, using malicious software called Havex Trojan, computer security company Symantec Corp. said in a report published Monday.
The Department of Homeland Security also said in a May report that a public utility was recently compromised when a hacker accessed its control system network. The department said last week it was investigating whether the Havex Trojan software had been involved in previous compromises of energy infrastructure. Russian hackers alone have affected more than 1,000 organizations in 84 countries, CrowdStrike, a cybersecurity company based in Irvine, California, said in a January report.
Symantec, of Mountain View, California, said the group using Havex Trojan, called Dragonfly, goes beyond basic hacking techniques sucha as mass emails with malicious links and attachments and plants malicious software into websites energy workers and investors often visit, like an online Chinese takeout menu. When workers clicked on a malicious link, they downloaded malware without knowing that it allowed the hackers to access their computer network.
Dragonfly, also called Energetic Bear, targeted U.S. and Canadian defense contractors before last year, but began shifting last year to target the energy sector, Vikram Thakur, a Symantec security response researcher told the Wall Street Journal. The group spreads the malicious software through websites of industrial control system software suppliers, F-Secure Corp., a Finnish cybersecurity company, said in a report last week. F-Secure found that three industrial software developers in Germany, Switzerland and Belgium were compromised, with their software altered to include the Havex Trojan. The Russian hackers also used Havex Trojan to target American oil and gas companies.