Staff at security systems specialist Symantec's Irish base are leading an investigation into high-tech attacks on power grid operators and energy companies worldwide that could yet threaten Ireland.
Alan Neville and two colleagues on Symantec's Dublin-based attack investigations team were the first to spot an ongoing cyber espionage and sabotage campaign, dubbed "dragonfly", that first sought aviation and defence targets three years ago, but has since switched to energy.
They have passed on evidence gathered in the US and the Far East to law enforcement officials and computer emergency response teams in countries with the virus.
Mr Neville explained that dragonfly uses a succession of techniques to access its targets’ systems. It began with emails carrying malicious attachments before stepping up to compromising websites. It then shifted to a more sophisticated campaign, infecting products provided by companies which sell industrial control system (ICS) software and equipment.
"These infections not only gave the attackers a beachhead in the targeted organisations' networks, but also gave them the means to mount sabotage operations against infected ICS computers," Symantec says in a note on the attacks published yesterday.
The attacks were designed to gather information from the organisations targeted, and open a backdoor for sabotage. Mr Neville said this indicates dragonfly could be state-sponsored to give certain countries an edge over rivals in global energy.
Sphere of influence
Dragonfly’s targets include energy grid operators, electricity generating businesses, pipelines and suppliers of industrial equipment to the sector. Most of the victims were in the US, Spain, France, Italy, Germany, Turkey, and Poland.
Evidence suggests dragonfly originated in eastern Europe, although Mr Neville acknowledged this could in itself be a disguise.