Symantec has found that a cyber espionage group dubbed Dragonfly has re-emerged since late 2015 and has begun to launch cyber attacks on the energy sector in some countries in Europe and North America.
The company said Wednesday the Dragonfly group that started in 2011 has made attempts to gain access to energy facilities’ networks in the U.S., Switzerland and Turkey, a move that could potentially lead to sabotage.
The group uses spear phishing emails, watering hole websites and Trojanized software as methods of attack for its Dragonfly 2.0 campaign.
Since 2016, Dragonfly has carried out malicious email campaigns that use the Phishery toolkit that works to steal victims’ network credentials through a template injection attack.
Symantec found that Dragonfly also used in its follow-up campaign Heriplor and Karagany Trojans or malicious backdoors that were used in its initial campaign from 2011 through 2014.
The company advised energy sector organizations to implement two-factor authentication and strong passwords, enforce a security policy that seeks to implement encryption on at-rest and in-transit data as well as deploy defensive platforms and firewalls such as intrusion detection tools and gateway antivirus to protect networks from possible attacks.