Western Energy Companies Under Sabotage Threat 86
An anonymous reader writes In a post published Monday, Symantec writes that western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign. The group behind the operation, called Dragonfly by Symantec, originally targeted aviation and defense companies as early as 2011, but in early 2013, they shifted their focus to energy firms. They use a variety of malware tools, including remote access trojans (RATs) and operate during Eastern European business hours. Symantec compares them to Stuxnet except that "Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
Attribution (Score:4, Interesting)
"...the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone."
Which government has working days like that? Is it the Russians?
No airgap? (Score:4, Interesting)
Re:perhaps a slice of crow for the US? (Score:5, Interesting)
In the current case, it would appear that Russia doesn't accept the U.S. argument that civilian infrastructure should be off-limits. Whether the U.S. can complain here or not is debatable. The U.S. has targeted civilian infrastructure during conventional operations; they knocked out the power in Serbia during actions in Kosovo, for example. So the Russians could easily argue- and not without merit- that if it's OK to take out the power in Serbia using a stealth bomber and a conventional bomb, it ought to be OK to turn out the lights in the U.S. using a logic bomb.