Kaspersky Lab Research on Energetic Bear

01 Jul 2014

Kaspersky Lab security experts have been researching a cyberespionage campaign called Energetic Bear, or Dragonfly. For some time, the experts having been working with several law enforcement agencies, and a detailed report is available for purchase as part of our intelligence services subscription. However, the experts are currently continuing their research while working with the law enforcement agencies and industry partners in order to mitigate the threat. A shorter, public version of the Energetic Bear research will be available later this summer.

The Director of the Global Research & Analysis Team at Kaspersky Lab, Costin Raiu, provides details:

“According to our research, victims appear in a wider range of enterprises than it was previously discussed. The largest amount of the victims Kaspersky Lab identified fall into the industrial/machinery building sector, indicating this is of special interest. Among other victims were research universities, pharmaceutical and construction companies, mechanical and information technologies, and a variety of other technical providers.

Overall, we observed about 2,000 unique victims worldwide with the most popular attack tool being the Havex Trojan. Most of them are located in the US, followed by Spain, Japan, Italy, Germany and France.

In terms of attribution of these attacks, Kaspersky Lab is still investigating all existing leads, however, at the moment there are no strong points in either direction.”