It's believed to have been created a state-sponsored group in Eastern Europe, likely backed by Russia. The malware infected 3 leading specialist manufacturers of industrial control systems, and then infiltrated the energy companies through software updates sent from the manufacturers. Contaminated software from one of these manufacturers was distributed to more than 250 industrial systems, so the extent of the infection is quite large.
The malware is most active in Spain and the U.S., as well as France, Italy, and Germany.
According to security firm KCS Group, "to target a whole sector like this at the level they are doing just for strategic data and control speaks of some form of government sanction. These are people working with Fapsi [Russia's electronic spying agency] working to support mother Russia."
With the proliferation of smaller scale renewable energy sources monitored by smart grids, the amount of opportunities for attack have grown. Smart meters, installed to give consumers and companies alike a better idea of how to increase energy efficiency, have added to the potential pool of targets as well.
Companies and politicians have been slow to protect against these new threats. Earlier in the year, President Obama signed an executive order to assess risks to the smart grids and scout out potential vulnerabilities. Dominion Resources of Virginia has also announced a plan to spend $500 million over the next few years to reinforce critical cyber-infrastructure against such attacks.