Security researchers confirmed on Monday that a vicious new cyberattack has compromised the computer systems of over 1000 organisations in 84 countries. Dubbed “Energetic Bear”, the Stuxnet-like malware is largely targeting energy and utility companies. It’s almost certainly from Russia.
This is scary stuff. Not only has the attack been going on for 18 months, it appears to be focused on targets in the United States and Europe. According to the Financial Times, the malware “allows its operators to monitor energy consumption in real time, or to cripple physical systems such as wind turbines, gas pipelines and power plants at will.” This is exactly the type of attack that the government’s been (very vocally) worried about lately.
The malware’s capabilities give us more reasons to be worried. The two main components of the attack include the use of remote access tool type malware that gives the attackers the ability to access information on the victim’s computer networks as well as to steal data, collect passwords, take screenshots, and even download and run files. In effect, it sounds like they could take control over entire utility systems. Symantec, the makers of the Norton suite, says the malware’s “main motive appears to be cyberespionage” but doesn’t mention any major shutdowns. The company now has fixes in place for its customers.
It gets worse. Symantec says that the attackers — who they call Dragonfly — is almost certainly “based in eastern Europe and has all the markings of being state-sponsored.” Markers in the malware, like timestamps and Cyrillic, suggest that it originated in Russia. Like we needed another reason to be mad at Russia… [Symantec, FT]