Energetic Bear: Symantec reveals new malware that could sabotage energy infrastructure around the world
Symantec has discovered new malware from a group called Dragonfly that “could have caused damage or disruption to energy supplies in affected countries,” including the United States, and was made to target “energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers,” among other groups.
The security company claims that the malware has compromised the systems of more than 1,000 organizations in 84 countries, including Spain, Germany, Turkey, and Poland. It says that it notified “affected victims and relevant national authorities” before revealing it to the general public. It’s unclear how affected organizations and countries will react to the news.
In March, the Wall Street Journal reported that a small-scale attack on just nine substations could be enough to cause a nationwide blackout. Given the fact that there are 55,000 of those stations in the country and that this malware is said to affect more than 1,000 organizations, the ease with which someone could cause so many problems is more than a little frightening.
Which isn’t to say that this is a particularly new threat — Pando’s contributing editor, Adam Penenberg, covered the many claims of an imminent “cyber Pearl Harbor” in October 2012:
Despite the FUD (“fear, uncertainty, doubt”) I probably need not point out that in the intervening decade and a half, the power grid did not short out except in brown outs during heat waves; planes did not fall from the sky; you can still drink tap water (unless you live in a county that allows fracking); the financial and banking crises were self-induced; and the only train accidents have been Amtrak’s fault. Remember the “millennium bug,” when computers were supposed to go haywire at the moment the clock struck the year 2000? Someone made a TV movie out of it. But nothing happened.
But the revelation of malware designed specifically to attack the energy infrastructure of a number of countries shows that all that fear, uncertainty, and doubt might be spot-on. That’s especially true given Symantec’s claim that the malware, which is said to resemble the Stuxnet malware made by the US and Israel to disrupt Iran’s nuclear efforts, might be state sponsored:
Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.
At least the group behind the malware hasn’t selected a horrifying nom de cyberterrorism: Symantec has dubbed it Dragonfly, while others have decided to call it Energetic Bear. Thank goodness for that — otherwise people might be worried about the group’s seeming ability to cripple the energy infrastructure of numerous countries, and we that would be unacceptable.
Still, there’s some silver lining: maybe someone can convince Facebook to tweak its News Feed algorithms to make that sense of terror you might be feeling go away. Finally, a handy use of the company’s disdain for the ethical norms followed during most psychological experiments.
[Image via Griffin's Guide]