
BlackEnergy APT is back, deleting files and killing computer systems

AnonOps

Posted on 04.01.2016

The BlackEnergy APT - or SandWorm group, as some researchers call it - has been active since at least 2007.

Its past operations include cyber-espionage campaigns targeting NATO, the European Union, Ukrainian and Polish government organizations, the White House, and a variety of US ICS operators.

In the last few months, the group has turned its sights on Ukrainian targets.

According to ESET researchers, the group hit Ukrainian news media companies in November 2015 (during the 2015 Ukrainian local elections) and Ukrainian energy companies in December 2015.

In both attacks, the attackers leveraged a new component of the BlackEnergy Trojan. Called KillDisk, it apparently supersedes the dstr plugin used in previous variants. It can wipe documents and many other file types (over 4000 file extensions are targeted), delete the Windows Event Logs, and delete system files so that the machine no longer boots.

While in the attacks against media companies the Trojan's main aim was to delete documents, video files and the like, in the attacks against power companies the attackers were more interested in deleting files and killing processes in ways that could sabotage running industrial systems.

Although ESET researchers don't actually say it, the latter attacks are likely the ones flagged by Ukraine's Security Service (SBU).

Apparently, the agents found malware in the networks of individual regional power companies, and the attack was accompanied by a telephone "flood" aimed at the companies' tech support departments.

The Ukrainian government blames Russians for the attacks, as all the targets are situated in the areas under control of the official government.

Aside from the past targets, all of them institutions and individuals considered to work against Russian interests, there are other indicators pointing to Russian nationals as the attackers. Still, it is impossible to say for sure whether they are, or whether they work for the Russian government.
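The article describes two behaviours of the KillDisk component that a defender can look for on a host: a single process destroying many files across many extensions in a short time, and deletion of the Windows event log files. The following is an added example, not code from the original post, from ESET, or from any vendor tool, showing a heuristic detector for both patterns run over a constructed file-activity log. The log format (ISO timestamp, pid, process image, action, path), the process names, the thresholds, and the sample lines are all assumptions made for this illustration; a real deployment would feed it normalised EDR or Sysmon file events and tune the thresholds to the environment.

```python
"""Heuristic detection of wiper-style behaviour in a file-activity log.

Added example; not part of the original article and not any vendor's
detection logic.  Assumed input format: one event per line,
'<ISO time> <pid> <image path> <ACTION> <file path>'.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Tuning knobs (assumptions for this example; tune to the environment).
WINDOW = timedelta(seconds=60)   # look-back window per process
MIN_FILES = 8                    # distinct files hit inside the window
MIN_EXTENSIONS = 4               # distinct extensions hit inside the window
EVENTLOG_DIR = "c:\\windows\\system32\\winevt\\logs\\"
DESTRUCTIVE = {"DELETE", "OVERWRITE"}


def sample_log():
    """Constructed sample lines: a benign backup rotation and a wiper-like process."""
    lines = []
    # Benign: a backup job deleting one rotated .bak file per minute (one extension, slow).
    for i in range(10):
        lines.append(f"2015-12-23T10:{i:02d}:00 1204 C:\\Windows\\System32\\robocopy.exe "
                     f"DELETE C:\\Backup\\db-{i}.bak")
    # Wiper-like: many file types overwritten then deleted within seconds,
    # followed by deletion of the Windows event log files.  Process name is made up.
    for i, ext in enumerate(["docx", "xlsx", "pdf", "jpg", "zip", "pst", "mdb", "dwg"]):
        path = f"C:\\Users\\ops\\Documents\\report-{i}.{ext}"
        lines.append(f"2015-12-23T11:00:{i:02d} 3320 C:\\Windows\\Temp\\svchost.exe OVERWRITE {path}")
        lines.append(f"2015-12-23T11:00:{i + 10:02d} 3320 C:\\Windows\\Temp\\svchost.exe DELETE {path}")
    for log in ("Security.evtx", "System.evtx", "Application.evtx"):
        lines.append(f"2015-12-23T11:00:30 3320 C:\\Windows\\Temp\\svchost.exe "
                     f"DELETE C:\\Windows\\System32\\winevt\\Logs\\{log}")
    return lines


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _ext(path):
    name = _basename(path)
    return name.rpartition(".")[2].lower() if "." in name else ""


def parse_line(line):
    ts, pid, image, action, path = line.split(" ", 4)
    return {"ts": datetime.fromisoformat(ts), "pid": int(pid),
            "image": image, "action": action, "path": path}


def detect(lines):
    """Return alerts for mass-wipe and event-log-deletion behaviour, one per process."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    destructive = defaultdict(list)   # (pid, image) -> destructive events in time order
    evtx_deleted = defaultdict(set)   # (pid, image) -> event log files deleted
    for e in events:
        key = (e["pid"], e["image"])
        if e["action"] in DESTRUCTIVE:
            destructive[key].append(e)
        if e["action"] == "DELETE" and e["path"].lower().startswith(EVENTLOG_DIR):
            evtx_deleted[key].add(_basename(e["path"]))

    alerts = []
    for (pid, image), evs in destructive.items():
        # Sliding window: flag the first window where one process hits many
        # distinct files spanning many extensions.  A backup or build job that
        # churns one extension slowly stays under both thresholds.
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW:
                start += 1
            paths = {w["path"].lower() for w in evs[start:end + 1]}
            exts = {_ext(p) for p in paths}
            if len(paths) >= MIN_FILES and len(exts) >= MIN_EXTENSIONS:
                alerts.append({"rule": "mass_wipe", "pid": pid, "image": image,
                               "files": len(paths), "extensions": len(exts),
                               "first": evs[start]["ts"].isoformat()})
                break
    for (pid, image), logs in evtx_deleted.items():
        alerts.append({"rule": "eventlog_deleted", "pid": pid, "image": image,
                       "logs": sorted(logs)})
    return alerts


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The two rules are deliberately independent: the event-log deletion fires on a single event regardless of volume, because legitimate software almost never removes `.evtx` files directly, while the mass-wipe rule needs both a file count and an extension spread so that a backup rotation or compiler clean-up does not trip it. Running the block as a script prints one alert of each kind for pid 3320 and nothing for the backup job.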
