The security firm Symantec has uncovered a malware campaign from a group dubbed Dragonfly that allowed remote access to the computer systems of more than a thousand power plants. According to Symantec, the attackers used the malware only to spy on system operations, but could have used the remote-access functionality to wreak considerably more havoc had they decided to. With infections reaching 1,018 organizations across 84 countries, ranging from grid operators to gas pipelines, the scope of the damage would have been considerable.
Dragonfly's control servers are based in Eastern Europe, leading the Financial Times to conclude that the attacks are Russian in origin, but the ultimate purpose of the attack is still unclear. Attackers used a variety of techniques, ranging from garden-variety phishing attacks to campaigns targeting component manufacturers, which then allowed for infections to take hold in any downstream system. Already, comparisons have been drawn to the more sophisticated Stuxnet virus, which the US used to damage nuclear plants in Iran in 2010.