Energy companies in the US and Europe are being attacked by a group of Russian hackers known as “Energetic Bear”, according to cybersecurity researchers.
In an interview with Bloomberg, security firm Symantec said the attackers are aiming at “strategically important” energy companies such as petroleum pipeline operators, grid operators and electricity generation firms.
The group, also known as “Dragonfly”, has been active since at least 2011 and operates in much the same way as a typical organisation, working 9am to 5pm on weekdays. It seems to share its time zone with Russia and other eastern European countries.
“The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors,” Symantec said.
The infection has been found mainly in the US and Spain, but Serbia, Greece, Romania, Poland, Turkey, Germany, Italy and France have also been targeted.
A report published in January by Irvine, which focuses on identifying web “adversaries”, claimed that the group has a “nexus to the Russian Federation”. It also showed that the group targeted European governments, US healthcare providers, and defense contractors.
Symantec said such patterns could imply government involvement, but Eric Chien, chief researcher in the study, added that they could not yet tell whether a state was directly involved or if the group is trying to sell to a government.