07 September 2017
New Wave of Cyberattacks in the Energy Sector of Europe and North America
Symantec has published a report on new cyberattacks targeting the energy sector in Europe and North America. According to Symantec experts, attacks on energy companies in the USA, Turkey and Switzerland are being carried out by a hacker group known as Dragonfly.
Kaspersky Lab is conducting its own investigation of these attacks, which the company has been following since June 2017. Although published information indicates a probable strong tie to Dragonfly, Kaspersky Lab researchers continue to evaluate incoming data in order to make a decision regarding the attribution of these attacks to a specific threat actor.
The attacks are carried out by sending phishing emails containing documents disguised as CVs, corporate standards, invitations, etc., with links to the attackers’ external servers. These links can also be embedded in compromised specialist websites frequented by potential victims (watering hole attacks). The external servers collect stolen credentials, which are subsequently used to compromise the corporate network.
Kaspersky Lab products provide reliable protection against these attacks. Malware used by the cybercriminals is detected as:
Backdoor.Win32.Zapchast.aa
HackTool.Win32.Agent.agzf
HackTool.Win64.Agent.cp
HEUR:Trojan.MSOffice.Generic
HEUR:Trojan.Win32.Cometer.gen
HEUR:Trojan.Win32.Generic
HEUR:Trojan.Win64.Generic
Trojan.Win32.Agent.nexbeb
Trojan.Win32.Agentb.bwkq
Trojan.Win32.Agentb.bwmk
Trojan.Win32.Cometer.hm
Trojan.Win32.Cometer.wu
Trojan.Win32.Mucc.ajm
Trojan.Win32.Shelma.sqe
Trojan.Win32.Shelma.sqf
Trojan-Downloader.MSWord.Agent.bkk
Trojan-Downloader.MSWord.Agent.bkl
Trojan-Downloader.MSWord.Agent.bkm
Trojan-Downloader.MSWord.Agent.bkn
Trojan-Downloader.MSWord.Agent.blk
Trojan-Dropper.Win32.Scrop.tr