At the same time that my RSA Research colleagues were uncovering the Boleto fraud in Brazil reported this week, Symantec released a Security Response describing a 2013 cyber-attack on US energy infrastructure, dubbed “Dragonfly”. (It was also researched by Kaspersky under the name “Energetic Bear”. F-Secure have been tracking one of the malware variants used, called Havex.) The attack used spear-phishing, water-holing and Remote Access Trojans to compromise a number of important organizations in the United States, Spain, France, Italy, Germany, Turkey and Poland. These targets included energy grid operators and electricity generation firms, as well as oil and gas infrastructure and industrial control system equipment manufacturers.