The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint technical alert on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.
According to the DHS, this is a multi-stage intrusion campaign in which threat actors target low-security and small networks to gain access and then move laterally to the networks of major, high-value asset owners within the energy sector.
The threat actors have been targeting these entities since at least May 2017, DHS noted. Their aim is to identify information pertaining to network and organizational design, as well as control system capabilities, within organizations.
In September, Symantec published a report, "Dragonfly: Western energy sector targeted by sophisticated attack group," which provides additional information about the campaign, which is still ongoing. The threat actors are actively pursuing their ultimate objectives over a long-term campaign.
The security agencies have been monitoring the activities of these threat actors for some time, and the technical alert offers recommendations for the prevention and mitigation of malicious cyber activity.