4_800x533_L_1412522645.jpg)
By Meagan Clark - Russian hackers have been targeting hundreds of Western oil and gas companies and energy investment firms, according to cybersecurity researchers.
The attacks give hackers the opportunity to seize control of industrial operating systems from abroad, similar to the way the U.S. and Israel gained access in 2009 to an Iranian nuclear facility’s computer systems and destroyed a fifth of the country’s uranium supply.
Since March, one Russian hacker group has targeted U.S. and Canadian defense contractors, electricity firms, oil pipeline operators and the energy grid, using malicious software called Havex Trojan, according to a report published Monday by computer security company Symantec Corp.
According to a May report by the Department for Homeland Security, a public utility was recently compromised when a hacker accessed its control system network. The department said last week it was investigating whether the Havex Trojan software had been involved in previous compromises of energy infrastructure. Russian hackers alone have affected more than 1,000 organizations in 84 countries, according to a January report by cybersecurity firm CrowdStrike.
Mountain View, California-based Symantec said the group using Havex Trojan, called Dragonfly, goes beyond basic hacking techniques—mass emails with malicious links and attachments—and plants malicious software into websites energy workers and investors often visit, like an online Chinese takeout menu. When workers clicked on a malicious link, they downloaded malware without knowing it that allowed the hackers to access their computer network.
Dragonfly, also called Energetic Bear, targeted U.S. and Canadian defense contractors before last year, but began shifting last year to target the energy sector, Vikram Thakur, a Symantec security response researcher told the Wall Street Journal. The group spreads the malicious software through websites of industrial control system software suppliers, according to a report last week by Finnish cybersecurity firm F-Secure. F-Secure found that three industrial software developers in Germany, Switzerland and Belgium were compromised, with their software altered to include the Havex Trojan. The Russian hackers also used Havex Trojan to target American oil and gas companies.