Security giant Symantec has revealed that a hacker group has demonstrated an ability to interfere with the power grid in Europe and North America. A string of recent attacks has been attributed to the group, which is known as Dragonfly 2.0 — an updated iteration of the Dragonfly group that began operations in 2011, but fell off the map somewhat after being exposed in 2014.
Numerous attacks since 2015 have been linked to Dragonfly 2.0, including dozens against energy companies during the spring and summer of this year. The hackers were able to gain access to their targets' networks in more than 20 instances, and in a few companies in the U.S. and one in Turkey the attackers managed to obtain operational access.
Symantec worked with these companies, which have not been named, to perform a forensic analysis of the hack. This revealed that the hackers had managed to gain control of the interfaces used by engineers to work with circuit breakers and other related hardware. As a result, they had the capacity to shut off power to homes and businesses.
Dragonfly 2.0 could have wreaked some real havoc with their hack, but it hinged on a very simple technique: credential theft.
Malicious emails have been a vital part of the group's two-year assault on the electricity industry: they used invitations to a New Year's Eve party and correspondence about the energy sector to hoodwink employees.
Subsequent stages of the hack required more sophisticated methods, but those stolen network credentials allowed the members of Dragonfly 2.0 to get their foot in the door.
Keeping passwords secure is important for everyone, but while the worst thing many of us may have to deal with following a security breach is disputing fraudulent credit card charges, this breach could have been so much worse. The hackers could have shut off power during an act of warfare, taken control over a nuclear facility, or gathered valuable intelligence.
Companies like Symantec are a solid line of defense against groups like Dragonfly 2.0, but organizations — especially those in charge of vital services like energy distribution — must be vigilant in ensuring all employees follow online security protocols. A scenario like this one just goes to show how much damage can be done using credentials stolen through a simple email invitation.