Dragonfly Cyber Threats: A Case Study of Malware Attacks Targeting Power Grids

Authors

  • Faiza Babar Khan, Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences (PIEAS), Islamabad 45650, Pakistan.
  • Ali Asad, Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences (PIEAS), Islamabad 45650, Pakistan.
  • Hanif Durad, Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences (PIEAS), Islamabad 45650, Pakistan.
  • Syed Muhammad Mohsin, Department of Computer Science, COMSATS University Islamabad, Islamabad 45550, Pakistan. ORCID: https://orcid.org/0000-0003-0886-9061
  • Sadia Nishat Kazmi, Faculty of Automatic Control, Electronics and Computer Science, Silesian University of Technology, Gliwice, 44-100, Poland.

Keywords

Dragonfly; Critical Infrastructure; Industrial Control System; SCADA; Malware Attacks

Abstract

The Energetic Bear group, also known as Dragonfly, is a group of cyber attackers that has successfully infiltrated the critical infrastructure of American and European governments. It has been identified as the primary suspect in one of the most severe instances of cyber espionage in the history of the United States, relying on Advanced Persistent Threat (APT) tactics for its operations. The group has targeted its victims through a variety of techniques, including social engineering, Trojanized software, and watering hole attacks. This paper uses the group's attack scenario as a case study of cyber-attacks on power grids and presents the methods the group employed. The paper also includes an analysis of the malware samples used by the group and reports the resulting forensic findings.

Published

2023-03-29

How to Cite

Faiza Babar Khan, Ali Asad, Hanif Durad, Syed Muhammad Mohsin, & Sadia Nishat Kazmi. (2023). Dragonfly Cyber Threats: A Case Study of Malware Attacks Targeting Power Grids. Journal of Computing & Biomedical Informatics, 4(02), 172–185. Retrieved from https://jcbi.org/index.php/Main/article/view/137