Russian government-linked hackers have targeted the U.S. energy industry and other sectors critical to running the economy in a new surge of online attacks since at least March 2016, federal agencies said on Thursday.
The hacking campaign, orchestrated by a seven-year-old group known as Dragonfly, has hit U.S. government entities and domestic companies in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors, according to an alert the U.S. Computer Emergency Readiness Team put out on Thursday.
“In multiple instances, the threat actors accessed workstations and servers on a corporate network that contained data output from control systems within energy generation facilities,” the U.S. CERT said.
The Department of Homeland Security and the Federal Bureau of Investigation have been studying the attacks and found that the Russia-linked hackers are attacking some targets directly and penetrating the networks of others, such as third-party suppliers, to launch attacks on their intended victims.
The threat actors have dispatched spear-phishing emails, watering-hole domains and other attacks geared toward industrial control systems in the campaign. It was, the agencies said, a “multi-stage intrusion campaign” by Russian government hackers targeting “small commercial facilities’ networks,” where they “staged malware, conducted spear phishing and gained remote access into energy sector networks.”
The spear-phishing emails used infected Microsoft Word documents “that appeared to be legitimate resumes” for industrial control system personnel, the agencies said. In one case, hackers were able to find images of a company’s operational controls in the far background of a photo posted on its public website.
This article first appeared on the Houston Chronicle – an Energy Voice content partner.