Chien said he believed that alert likely referenced the same campaign Symantec has been tracking.
He said dozens of companies had been targeted and that a handful of them, including in the United States, had been compromised on the operational level. That level of access meant that motivation was "the only step left" preventing "sabotage of the power grid," Chien said.
However, other researchers cast some doubt on the findings.
While concerning, the attacks were "far from the level of being able to turn off the lights, so there's no alarmism needed," said Robert M. Lee, founder of U.S. critical infrastructure security firm Dragos Inc, who read the report.
Lee called the connection to Dragonfly "loose."
Dragonfly was previously active from around 2011 to 2014, when it appeared to go dormant after several cyber firms published research exposing its attacks. The group, also known as Energetic Bear or Koala, was widely believed by security experts to be tied to the Russian government.
Symantec did not name Russia in its report but noted that the attackers used code strings that were in Russian. Other code used French, Symantec said, suggesting the attackers may be attempting to make it more difficult to identify them.