A Stuxnet-Like Virus Has Infected Hundreds Of US And European Energy Companies

Michael B Kelley   

A sophisticated cyber weapon has infected industrial control systems of hundreds of European and U.S. energy companies over the last 18 months, Sam Jones of The Financial Times reports.

Researchers first reported on the espionage operation, which was linked to the Russian government, in January.

Symantec, a U.S. cyber security company that uncovered more details, said it believes the group behind the attacks is "based in eastern Europe and has all the markings of being state-sponsored."

Jones writes that the cyber weapon, dubbed "Energetic Bear," allows its operators "to monitor energy consumption in real time, or to cripple physical systems such as wind turbines, gas pipelines and power plants at will."

Symantec reported that the attackers first infected three leading specialist manufacturers of industrial control systems, then inserted the malware covertly into legitimate software updates that companies sent to clients.

The Specter of Stuxnet

The malware is similar to Stuxnet, a virus created by the U.S. and Israel that infected Iran's Natanz nuclear facility in 2007 and reportedly destroyed roughly a fifth of Iran's nuclear centrifuges by causing them to spin out of control.

Stuxnet is the most powerful cyber weapon ever created, and cyber security expert Ralph Langner contends that the attack "changed global military strategy in the 21st century." And it seems that Energetic Bear is the new reality of cyber warfare.

"The sober reality is that at a global scale, pretty much every single industrial or military facility that uses industrial control systems at some scale is dependent on its network of contractors, many of which are very good at narrowly defined engineering tasks, but lousy at cybersecurity," Langner wrote in Foreign Policy.

Symantec found that the attack has compromised the computer systems of more than 1,000 organizations in 84 countries. The main targets, which appear to have been chosen for espionage purposes, were in Spain and the U.S., followed by France, Italy and Germany.

"To target a whole sector like this at the level they are doing just for strategic data and control speaks of some form of government sanction," Stuart Poole-Robb, a former MI6 and military intelligence officer and founder of security consultancy KCS Group, told FT. "These are people working with Fapsi [Russia's electronic spying agency]; working to support mother Russia."
