Cyber attack

A US online security group has detected a cybercrime operation that poses a serious potential threat to power plant operations in Europe and America.

The group have uncovered the “Energetic Bear” malware operated by a state-backed group with early indications suggesting origination in Russia.

The Energetic Bear allows its operators to monitor energy consumption in real time, or to cripple physical systems such as wind turbines, gas pipelines and power plants at will, according to the UK’s Financial Times.

The organization behind the cyber attack is believed to have compromised the computer systems of more than 1000 organizations in 84 countries in a campaign spanning 18 months. The malware is similar to the Stuxnet computer program created by the US and Israel that succeeded in infecting and sabotaging Iran’s uranium enrichment facilities two years ago.
Cyber attack
Symantec, a US cyber security company, said that it had identified a virulent new “attack vector” designed to give the malware control over physical systems themselves.

Symantec said the group behind Energetic Bear, who they have dubbed Dragonfly, succeeded last year in infecting three leading specialist manufacturers of industrial control systems. Dragonfly then inserted the malware covertly into the legitimate software updates those companies sent to clients. As clients downloaded the updates, their industrial control systems become infected. Contaminated software from one of the companies was downloaded to more than 250 industrial systems.

According to Symantec, which produces the Norton range of antivirus software, Energetic Bear is most actively in use in Spain and the US, followed by France, Italy and Germany.

For more power market intelligence news