The pharma industry is being targeted by a cyber-espionage campaign known as Dragonfly, which uses a variety of ‘weapons,’ including spam emails, web watering holes (that infect websites with malware) and Trojan malware that allows unauthorized system access and information disclosure. Most organizations are aware of the dangers of malware, but Dragonfly is unusual as it specifically targets manufacturing systems. We spoke to Joel Langill, a security expert at RedHat Cyber, and Eric Byres, chief technology officer of Belden’s Tofino Security, to find out more.

Are we sure Dragonfly is targeting pharma?

The actual list of named victims is contained in “restricted” documents that cannot be shared. However, security provider Kaspersky Labs (Russia) offered descriptive information of the victims at various stages of the attack. This information, along with personal knowledge of the operation of pharmaceutical and life science facilities, led to the conclusion that the attack was not likely targeting the energy sector, as previously assumed. At this time, the campaign appears to be limited to reconnaissance or information theft, but the attackers possess the capability for more destructive acts, including system sabotage or disruption to operations.