Hackers had access to SCADA systems of energy companies


According to Symantec, hackers had large-scale access to the systems of several European and American energy companies. So far spying was the goal, but the security company says the hackers could also have caused considerable damage.

The hackers are said to operate under the flag of an organisation that Symantec calls Dragonfly. They reportedly struck mainly at energy companies in France, Italy, Germany, Turkey, Poland, Spain and the United States. More than half of the information that was captured came from enterprises in the two countries.

Dragonfly is said to focus specifically on SCADA systems, which allow industrial systems to be managed remotely over the internet. SCADA stands for supervisory control and data acquisition and is a collective term for management systems for, for example, sewerage, energy generation, manufacturing and oil pipelines. Tweakers previously published an extensive background article on this.

For their espionage campaign the hackers used a self-written trojan that could be operated remotely, Symantec writes. They infected company computers after administrators had first received a message that updates were available for the SCADA system. This allowed the criminals not only to gain insight into business information; in the extreme case they could also sabotage the systems, with all the consequences that entails.

The trojan, which Symantec has named Oldrea, gathers information about files, installed programs and available drives. In addition, it reads the Outlook address book and VPN configuration files from the computer, after which all collected information is sent encrypted to a server. The hackers also used another trojan, Karagany, which allows attackers to collect passwords, screenshots and local documents.

According to Symantec, the trojans ended up on a system in three ways. The first was an e-mail with a malicious PDF file, sent from a Gmail account. In addition, the hackers compromised websites of energy companies and placed an iframe there that took advantage of vulnerabilities in Java and Internet Explorer. Finally, there was JavaScript code that collected information about the browser plugins. Based on the installed plugins, the most viable exploit was then applied.

The exact motive of the hackers is not known. Symantec thinks that they operate from Eastern Europe, because the malware was used during working hours from Monday to Friday. The times were consistent with a working day in Eastern Europe.
