'Redfly' hackers infiltrated power supplier's network for 6 months
Although ShadowPad is a widely available trojan that multiple APT groups use, Symantec tracks the recent attacks separately, reporting that Redfly appears to have an exclusive focus on critical national infrastructure.
The ShadowPad variant seen in the attacks masquerades its components as VMware files, dropping them on the victim's filesystem.
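One defensive check that follows from this masquerading detail: flag files whose names imitate a trusted vendor's product but that sit outside the directories where that vendor's software is expected to live. The script below is an added illustration, not code from the report or from Symantec; the VMware-style name patterns, the expected install directories and the sample file inventory are all constructed assumptions.

```python
"""Flag files that look like VMware components but live outside the expected
VMware install directories. Added illustration: names, directories and the
inventory below are constructed, not taken from the Redfly report."""
import fnmatch
import ntpath  # Windows path semantics regardless of the host running this

# Assumed (hypothetical) locations where genuine VMware components belong.
EXPECTED_VMWARE_DIRS = (
    r"C:\Program Files\VMware",
    r"C:\Program Files (x86)\VMware",
)

# Constructed name patterns that suggest a VMware component.
VMWARE_NAME_PATTERNS = ("vmware*", "vmtools*", "vm*tray*")


def looks_like_vmware(filename: str) -> bool:
    """True if the bare filename matches one of the vendor-like patterns."""
    name = filename.lower()
    return any(fnmatch.fnmatch(name, pat) for pat in VMWARE_NAME_PATTERNS)


def in_expected_dir(path: str) -> bool:
    """True if the path is under one of the expected install directories.

    The trailing separator keeps 'C:\\Program Files\\VMware' from matching a
    sibling directory such as 'C:\\Program Files\\VMwareX'.
    """
    norm = ntpath.normcase(path)
    return any(
        norm.startswith(ntpath.normcase(d) + ntpath.sep) for d in EXPECTED_VMWARE_DIRS
    )


def find_masquerades(paths: list[str]) -> list[str]:
    """Return the paths whose names look like VMware files but which are not
    located where VMware components are expected."""
    return [
        p for p in paths
        if looks_like_vmware(ntpath.basename(p)) and not in_expected_dir(p)
    ]


# Constructed sample inventory, e.g. from an EDR file listing.
SAMPLE_INVENTORY = [
    r"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe",   # genuine location
    r"C:\Users\Public\Libraries\vmware-updater.exe",        # suspicious
    r"C:\Windows\Temp\vmtools.dll",                         # suspicious
    r"C:\Windows\System32\svchost.exe",                     # unrelated
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_INVENTORY):
        print("possible masquerade:", hit)
```

Name and location are only a first filter: a file that passes this check can still be malicious, and the stronger follow-up is to verify the file's code signature against the vendor's certificate and compare its hash with a known-good inventory.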
In the observed attacks, Redfly used a separate keylogging tool that captured keystrokes in log files on the breached system, which the attackers retrieved manually.
Whether the attackers intended to disrupt the power supply remains uncertain, but the potential for such disruption makes the intrusion a significant threat.
"Attacks against CNI targets are not unprecedented. Almost a decade ago, Symantec uncovered the Russian-sponsored Dragonfly group's attacks against the energy sector in the U.S. and Europe," concluded Symantec's report.
"More recently, the Russian Sandworm group mounted attacks against the electricity distribution network in Ukraine that were directed at disrupting electricity supplies."