IEEE Computer Society Newsfeed

Subscribe RSS

« Back

Some Dragonfly Malware Victims Identified

A new analysis of circumstances surrounding the Dragonfly malware attacks has identified two of the three industrial-control-system software firms that the hackers targeted. Dale Peterson, founder and CEO of security firm Digital Bond, said the companies were MB Connect Line, a German maker of industrial routers and remote access appliances; and eWon, a Belgian virtual-private-network software developer whose products access industrial control devices. Peterson stated that he knows the identity of the third company but cannot divulge it. The Dragonfly campaign used a piece of malware known as Havex against energy-grid operators, major electricity-generation firms, petroleum-pipeline operators, and industrial-equipment providers, primarily in France, Germany, Italy, Poland, Spain, Turkey, and the US. In some cases, the hackers first breached the systems of industrial-control-system vendors that sell to energy-sector companies and infected the software they sold. The energy companies became infected with the Havex remote-access Trojans when they downloaded the compromised software. Havex steals information about infected computers and networks, as well as data from e-mail address books and virtual private networks, and sends them to the hackers’ servers. Peterson said he released the names of the affected industrial-control-system software firms because other security companies weren’t doing so in a timely manner. He said, “[I]t would be helpful if these energy control system and energy sites were made public so asset owners could be alerted that they may have been compromised."(SlashDot)(Digital Bond)

Trackback URL: