Advanced hackers have targeted US and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

Malicious email campaigns have been used to gain entry into organisations in the US, Turkey and Switzerland, and likely other countries well, Symantec said in a new report.

The cyber attacks, which began in late 2015 but increased in frequency in April, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly, Eric Chien, a cyber security researcher at Symantec, said in an interview.

The research adds to concerns that industrial firms, including power companies and other utilities, are susceptible to cyber attacks that could be leveraged for destructive purposes in the event of a major geopolitical conflict.

In June, the US government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors, saying in an alert seen by Reuters that hackers sent phishing emails to harvest credentials to gain access to targeted networks.

Chien said he believed that alert likely referenced the same campaign Symantec has been tracking.

He said dozens of companies had been targeted and that a handful of them, including in the US, had been compromised on the operational level. That level of access meant motivation was “the only step left” preventing “sabotage of the power grid,” Chien said. However, other researchers cast some doubt on the findings.

While concerning, the attacks were “far from the level of being able to turn off the lights, so there’s no alarmism needed,” said Robert M Lee, founder of US critical infrastructure security firm Dragos, who read the report.

Lee called the connection to Dragonfly “loose”.

The group, also known as Energetic Bear or Koala, was widely believed by security experts to be tied to the Russian government.

n Reuters