A Dragonfly that stings
This editorial ran in the Washington Post:
Evidence has surfaced of a serious potential threat to electrical and industrial systems from cyberattack.
A security firm, Symantec, has discovered a wave of malware called Dragonfly in Europe and the United States that could put bad actors in position to switch off the lights.
The firm said malware by that name had been around since 2011 but was dormant for a while before re-emerging — Symantec calls it Dragonfly 2.0 — with a “distinct increase in activity” this year. The attackers are using familiar tools, such as “spearphishing” emails with attachments reeking with dangerous code, including an attachment resembling a benign invitation to a New Year’s Eve party.
According to Symantec, the bad actors behind Dragonfly 2.0 have entered electric utility networks in Turkey, Switzerland and the United States numerous times and they “may be entering into a new phase,” exploring how they can throw the switches on operational systems.
The company said the architects of the Dragonfly campaign are an “accomplished attack group” and highly experienced but did not otherwise identify them. However, it is known that Ukraine has suffered power blackouts caused by cyberattacks that it blames on Russia. Could Russia also be probing the U.S. electrical grid? Or another nation?