'Energetic Bear' Is Attacking Our Energy Sector

'The potential for sabotage is there,' says Symantec director
By Evann Gastaldo, Newser Staff
Posted Jul 1, 2014 8:22 AM CDT

(Newser) – "Energetic Bear" has roared its way into the Western oil and gas sector: Over the past year and a half, more than 1,000 companies in 84 countries have been hit by the malware, which was first uncovered in August 2012 and further described in a report released yesterday by Symantec. In the report, Symantec notes the hackers (a group it calls "Dragonfly") have "all the markings of being state-sponsored"; it sees them as likely "based in Eastern Europe," with the Financial Times reporting they have "apparent" ties to Russia and the New York Times more explicitly calling them "Russian hackers." Most of the attacks have been on companies in Spain and the US, followed by France, Italy, and Germany.

The hackers appear to be engaging in industrial espionage, but, as Symantec newly reveals, they can also take over industrial control systems remotely—an ability that makes the Energetic Bear malware similar to the Stuxnet computer worm. The New York Times notes the Dragonfly hackers are said to have become more "aggressive and sophisticated" over the past six months, and Symantec details the new "attack vector" that enables their remote-control capability. The hackers infiltrated three top manufacturers of industrial control systems and inserted their malware into the software updates those companies' clients used; upon download, the clients' systems were infected. While there's no evidence the hackers intend to do physical damage, "the potential for sabotage is there," says a Symantec director.
