Symantec Identifies Malware Targeting Energy Companies in Leading Nations
Betanews.com reported on 30th June, 2014 that security researchers at the security firm Symantec recently discovered malware targeting large energy companies in many countries around the world.
Symantec explains that a group of attackers known as "Dragonfly" is conducting a cyber-espionage campaign in the United States, Spain, France, Italy, Germany, Turkey and Poland using two pieces of malware, Backdoor.Oldrea and Trojan.Karagany, with Oldrea appearing to be the main tool in the attacks.
Betanews.com reported on 30th June, 2014 quoting Symantec as saying: "Once Oldrea is installed on the victim's computer, it gathers details, a directory of files and programs installed, and the source of available drives. It will also remove data from the computer's Outlook address book and VPN configuration files, which is then written to a temp file in an encrypted format prior to being sent to a remote command-and-control (C&C) server controlled by scammers. Karagany is capable of uploading stolen information, downloading new-fangled files and running executable files on a tainted computer. It is also able to run supplementary plug-ins such as tools for password collection, taking screenshots and cataloging documents on infected machines."
The researchers said that this malware is similar to Stuxnet, a virus believed to have been developed by the United States or Israel to restrain threats from Iran.
Securityweek.com published news on 30th June, 2014 quoting Symantec's comment on the operation behind the malware: "Dragonfly bears the hallmarks of a state-sponsored operation displaying a high degree of technical capability."
Symantec added that its main motive seems to be cyber-espionage, and that it also has some capacity for sabotage.
Symantec said that Dragonfly, also called Energetic Bear, seems to be operating from Eastern Europe based on the hours of activity of those involved.
Officials in the US and other countries have expressed growing concern in recent months about cyberattacks that could paralyse important infrastructure systems such as power grids, dams or transportation systems.
Symantec's analysis also confirms F-Secure's findings that the websites of three ICS software vendors were compromised and the download files were Trojanized. One of the products provided VPN access to programmable logic controller (PLC) devices.
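The Trojanized vendor downloads described above are the kind of supply-chain tampering that integrity checks at install time can catch. The following is an added illustration, not code from the report or from Symantec or F-Secure: it verifies a downloaded installer against a vendor-published SHA-256 manifest in the `sha256sum` text format. The installer bytes, the file name `plc-vpn-client-setup.exe` and the manifest are all constructed for the example (the manifest hash is derived from the constructed clean installer), and the file name and format are assumptions, not values from the page.

```python
import hashlib
import hmac
import sys
from typing import Dict, Tuple

CHUNK = 1 << 20  # read files in 1 MiB pieces so large installers do not load into memory


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'hexdigest  filename' lines (assumed sha256sum-style format).

    Malformed lines raise rather than being skipped, so a damaged or
    partially replaced manifest cannot silently verify nothing.
    """
    manifest: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        digest = digest.lower()
        name = name.strip()
        if not sep or not name or len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        manifest[name] = digest
    return manifest


def verify_download(name: str, data: bytes, manifest: Dict[str, str]) -> Tuple[bool, str]:
    """Return (ok, reason). Unknown files are rejected, not assumed good."""
    expected = manifest.get(name)
    if expected is None:
        return False, "no published hash for this file; refuse to install"
    actual = sha256_of_bytes(data)
    # compare_digest avoids a timing side channel; not critical here but idiomatic
    if not hmac.compare_digest(actual, expected):
        return False, f"hash mismatch: expected {expected[:12]}..., got {actual[:12]}..."
    return True, "hash matches published manifest"


# --- constructed sample data (not real installers or real vendor hashes) ---
GOOD_INSTALLER = b"MZ\x90\x00" + b"constructed clean PLC VPN client installer " * 64
# a tampered copy: same file, trailing bytes replaced, as a Trojanized download would differ
TROJANIZED_INSTALLER = GOOD_INSTALLER[:-16] + b"appended payload"

MANIFEST_TEXT = (
    "# constructed vendor manifest in sha256sum format\n"
    f"{sha256_of_bytes(GOOD_INSTALLER)}  plc-vpn-client-setup.exe\n"
)
MANIFEST = parse_manifest(MANIFEST_TEXT)


def demo() -> Dict[str, bool]:
    """Run the three cases a practitioner cares about and return their outcomes."""
    results = {
        "clean": verify_download("plc-vpn-client-setup.exe", GOOD_INSTALLER, MANIFEST)[0],
        "trojanized": verify_download("plc-vpn-client-setup.exe", TROJANIZED_INSTALLER, MANIFEST)[0],
        "unlisted": verify_download("unknown-tool.exe", GOOD_INSTALLER, MANIFEST)[0],
    }
    return results


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: python verify.py <downloaded-file> <manifest.txt>
        with open(sys.argv[2], encoding="utf-8") as mf:
            published = parse_manifest(mf.read())
        with open(sys.argv[1], "rb") as df:
            ok, why = verify_download(sys.argv[1].rsplit("/", 1)[-1], df.read(), published)
        print(("OK" if ok else "FAIL") + ": " + why)
        sys.exit(0 if ok else 1)
    for case, ok in demo().items():
        print(f"{case:11s} -> {'accepted' if ok else 'rejected'}")
```

Two caveats follow directly from the report: if the vendor's website itself is compromised, a manifest hosted on the same site can be replaced alongside the installer, so the published hashes need to come from a separate channel (a signed release note, a mirror, or a vendor contact); and a hash check only proves the file matches what was published, so checking the installer's code signature and its signing chain is the stronger control where the vendor signs releases.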
» SPAMfighter News - 05-07-2014