Cybersecurity experts reported that a group of Russian hackers known as "Energetic Bear" have been targeting hundreds of U.S. and European oil and gas corporations, along with firms focusing on energy investments.
The attacks were first documented in August 2012 by researchers from California security company CrowdStrike, when they discovered a very advanced and aggressive group from Russia that is targeting the energy industry, along with health care, defense contractors and governments.
The attacks on oil and gas corporations, researchers say, are probably a form of industrial espionage, especially given Russia's massive reliance on its own oil and gas industry.
The attacks that the Russian hackers are carrying out on the corporations also give them the ability to take remote control of industrial control systems, similar to how the United States and Israel were able to infiltrate a nuclear facility in Iran using the Stuxnet computer worm in 2009. The mission was successful in eliminating one-fifth of Iran's supply of uranium.
The CrowdStrike researchers believe that the attacks, which have targeted over 1,000 companies in over 84 countries, are backed by the government of Russia. They think so because the attacks were very sophisticated and required a high level of resources, and because the activity took place during working hours in Moscow.
The attacks were also documented in a report published by California computer security firm Symantec, which has named the Russian group "Dragonfly."
In addition to the hacking methods outlined by CrowdStrike, Symantec described a "watering hole attack," which compromises the websites that the group's targets visit often instead of attacking the targets' computer networks directly. When a target visits one of these compromised websites, it unknowingly downloads malware onto its network, which gets the hackers inside.
Over the past half year, though, the Russian hacking group has increased its efforts, breaking into the networks of industrial control software developers to inject Trojans into their software. When oil and gas companies update their control systems, they download the malware along with the update.
Three industrial control software companies were compromised, and more than 250 companies unfortunately downloaded the infected updates.
"These infections not only gave the attackers a beachhead in the targeted organizations' networks, but also gave them the means to mount sabotage operations against infected I.C.S. computers," wrote Symantec in the report.
However, there is no evidence so far that the group intends to use its control over these networks to do serious damage, such as causing an explosion at an oil or gas facility. Symantec security response director Kevin Haley reiterates that the purpose of the hacks was industrial espionage, "but the potential for sabotage is there."