This isn't the first time we've heard of Dragonfly. Back in 2014, Symantec and other researchers identified the group as responsible for a series of attacks on US and European energy systems that stretched from 2010 to 2014. A joint analysis report issued by the Department of Homeland Security and the FBI in 2016 tied Dragonfly to Russian malicious activity, though Symantec has been careful not to speculate on the origins of the group. Now, it appears the group is active again in a campaign that Symantec has termed "Dragonfly 2.0."
This series of attacks began in December 2015 with a phishing email campaign aimed at people working in the energy sector. The group harvested network credentials from its victims and used them to install back doors that provided remote access to the targets' computers. Symantec cautions that the 2010–2014 attacks may have been an intelligence-gathering phase. Now, the group appears to be working toward hands-on access to energy systems, which could be used for disruptive attacks rather than espionage alone.
Symantec notes that one of the most troubling aspects of this campaign is the attackers' use of screenshots. In several US intrusions, the hackers captured screen grabs of the actual control panels used to operate these energy systems, which is reconnaissance aimed at operations rather than at stealing data. "That's exactly what you'd do if you were to attempt sabotage," Eric Chien, a Symantec security analyst, told Wired. "You'd take these sorts of screenshots to understand what you had to do next, like literally which switch to flip."
It sounds frightening, to be sure, but now that we're aware the threat exists and is active, there are measures that can be put in place to thwart Dragonfly 2.0. Symantec's recommendations include encrypting sensitive data, enforcing strong passwords and two-factor authentication (which makes credentials harvested through phishing far less useful to an attacker) and making sure overlapping defensive systems are in place so that no single failure grants access. Even with these measures, though, it's important to remain vigilant to ensure that the group isn't able to take control of US and European energy systems.