07 September 2017

New Wave of Cyberattacks in the Energy Sector of Europe and North America

Symantec has published a report on new cyberattacks targeting the energy sector in Europe and North America. According to Symantec experts, attacks on energy companies in the USA, Turkey and Switzerland are being carried out by a hacker group known as Dragonfly.

Kaspersky Lab is conducting its own investigation of these attacks, which the company has been following since June 2017. Although published information indicates a probable strong tie to Dragonfly, Kaspersky Lab researchers continue to evaluate incoming data in order to make a decision regarding the attribution of these attacks to a specific threat actor.

The attacks are carried out by sending phishing emails containing documents disguised as CVs, corporate standards, invitations, etc., with links to the attackers’ external servers. These links can also be embedded in compromised specialist websites frequented by potential victims (watering hole attacks). The external servers are used to collect stolen credentials, which are subsequently used to compromise the corporate network.

Kaspersky Lab products provide reliable protection against these attacks. Malware used by the cybercriminals is detected as:

Backdoor.Win32.Zapchast.aa
HackTool.Win32.Agent.agzf
HackTool.Win64.Agent.cp
HEUR:Trojan.MSOffice.Generic
HEUR:Trojan.Win32.Cometer.gen
HEUR:Trojan.Win32.Generic
HEUR:Trojan.Win64.Generic
Trojan.Win32.Agent.nexbeb
Trojan.Win32.Agentb.bwkq
Trojan.Win32.Agentb.bwmk
Trojan.Win32.Cometer.hm
Trojan.Win32.Cometer.wu
Trojan.Win32.Mucc.ajm
Trojan.Win32.Shelma.sqe
Trojan.Win32.Shelma.sqf
Trojan-Downloader.MSWord.Agent.bkk
Trojan-Downloader.MSWord.Agent.bkl
Trojan-Downloader.MSWord.Agent.bkm
Trojan-Downloader.MSWord.Agent.bkn
Trojan-Downloader.MSWord.Agent.blk
Trojan-Dropper.Win32.Scrop.tr