Pierluigi Paganini March 25, 2022
US indicted 4 Russian government employees for attacks on critical infrastructure

The U.S. has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. The U.S. has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. “The Department of Justice unsealed two indictments today charging […]

Pierluigi Paganini April 15, 2020
Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. Researchers from ESET believe that the attacks against two San Francisco International Airport (SFO) websites were carried out by the Russian cyber-espionage group known as Energetic Bear (aka […]

Pierluigi Paganini November 15, 2018
Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs

Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups. Attribution of cyber attacks is always a hard task, in many cases attackers use false flags to masquerade their identities. Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and […]

Pierluigi Paganini May 11, 2018
Allanite threat actor focused on critical infrastructure is targeting electric utilities and ICS networks

Security experts from the industrial cybersecurity firm Dragos warn of a threat actor tracked as Allanite has been targeting business and industrial control networks at electric utilities in the United States and the United Kingdom. Dragos experts linked the campaigns conducted by the Dragonfly APT group and Dymalloy APT, aka Energetic Bear and Crouching Yeti, to a threat actors they […]

Pierluigi Paganini December 19, 2017
The thin line between BlackEnergy, DragonFly and TeamSpy attacks

Experts from McAfee Labs collected evidence that links DragonFly malware to other hacking campaigns, like BlackEnergy and TeamSpy attacks. On September 6, Symantec published a detailed analysis of the Dragonfly 2.0 campaign that targeted dozens of energy companies this year. Threat actor is the same behind the Dragonfly campaign observed in 2014. Further analysis conducted […]

Pierluigi Paganini October 22, 2017
DHS and FBI warn of ongoing attacks on energy firms and critical infrastructure

The US DHS and the FBI have issued a warning that APT groups are actively targeting energy firms and critical infrastructure. The US Department of Homeland Security (DHS) and the FBI have issued a warning that APT groups are actively targeting government departments, and firms working in the energy, nuclear, water, aviation, and critical manufacturing […]

Pierluigi Paganini September 07, 2017
Dragonfly 2.0: the sophisticated attack group is back with destructive purposes

While the first Dragonfly campaigns appear to have been a more reconnaissance phase, the Dragonfly 2.0 campaign seems to have destructive purposes. Symantec has spotted a new wave of cyber attacks against firms in the energy sector powered by the notorious Dragonfly group. The Dragonfly group, also known as Energetic Bear, has been active since at […]

Pierluigi Paganini July 02, 2014
Dragonfly gang is targeting Western energy industry

Security experts at Symantec have detected a new series of attacks worldwide conducted by the Dragonfly gang on SCADA/ICS in critical infrastructure. The energy industry is under attack, more than one thousand companies in Europe and North America are constantly under attack. ICS/SCADA systems are privileged targets of state-sponsored hackers and cyber criminals, last week I wrote […]