US warns critical sectors of active hacking campaign
The US Department of Homeland Security and the FBI have issued a warning to companies in critical sectors such as energy, water supply, aviation and manufacturing. According to the warning, these sectors are the target of an active campaign by hackers.
In its recent warning, the department states that the campaign has been going on since May. It has identified several victims and recorded traces of the attacks, which it is now sharing to warn other organizations. The attacks are said to be continuing and to be part of a long-term campaign by the attackers.
The department says nothing about the origin of the attacks, but refers to an earlier report from Symantec in which the hacker group is called Dragonfly. According to the security company, the group has been active since at least 2011 and focuses, among other things, on targets in the energy sector. The Symantec report gives no indication of the group's possible origin, because no firm conclusions could be drawn.
The attacks Homeland Security warns about are carried out through targeted phishing and through so-called watering hole attacks, in which, for example, a particular site is infected. Dragonfly proceeds by first attacking third parties with weaker security, for example suppliers of the actual targets. The phishing emails contain links to a URL shortener that in turn redirects to another, similar service.
The attackers are said to be after, among other things, login details and information about ICS and SCADA systems. Once on a target's network, they download additional tools from a special server in the form of txt files, which are then renamed. With these, the attackers can install a backdoor, for example.