Security researchers confirmed on Monday that a vicious new cyberattack has compromised the computer systems of over 1,000 organisations in 84 countries. Dubbed "Energetic Bear", the Stuxnet-like malware is largely targeting energy and utility companies. It's almost certainly from Russia.
Not only has the attack been going on for 18 months, it appears to be focused on targets in the United States and Europe. According to the Financial Times, the malware "allows its operators to monitor energy consumption in real time, or to cripple physical systems such as wind turbines, gas pipelines and power plants at will".
The attack's two main components involve remote access tool (RAT) type malware that gives the attackers access to information on the victim's computer networks and lets them steal data, collect passwords, take screenshots, and even download and run files.
In effect, it sounds like they could take control of entire utility systems. Symantec, the maker of the Norton suite, says the malware's "main motive appears to be cyberespionage" but doesn't mention any major shutdowns. The company now has fixes in place for its customers.
It gets worse, though. Symantec says that the attack group, which it calls Dragonfly, is almost certainly "based in eastern Europe and has all the markings of being state-sponsored." Markers in the malware, like timestamps and Cyrillic, suggest that it originated in Russia. [Symantec, FT]