Nation-sponsored hackers have penetrated the operational networks multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of people, researchers warned Wednesday.
The incursions detected by security firm Symantec represent a dramatic escalation by a hacking group dubbed Dragonfly, which has been waging attacks against US and European energy companies since at least 2011. In 2014, Symantec reported that Dragonfly was aggressively establishing beachheads in a limited number of target networks, mainly by stealing the user names and passwords used to restrict access to legitimate personnel. Over the past year, the hacking group has managed to compromise dozens of energy firms and in a handful of cases, install backdoors in the highly sensitive networks the firms use to supply power to the grid.
“What’s most concerning is we now see them intruding on operational networks of energy companies,” Eric Chien, technical director of Symantec’s Security Response and Technology Division, told Ars. “Before, we were talking about them being one step away, and what we see now is that they are potentially in those networks and are zero steps away. There are no more technical hurdles for them to jump over.”