ESET researchers Anton Cherepanov and Robert Lipovsky have published a study revealing details of a new malicious actor nicknamed GreyEnergy, who appears to be the successor to BlackEnergy.
The first attack by this group would have been registered by a Polish electricity company at the end of 2015, but most cyberattacks have been concentrated in Ukraine, as was the case with BlackEnergy. In addition to the electricity sector, other critical infrastructure, such as public transport, would have been affected.
Cyberthreat combines elements not only from BlackEnergy, but also from Industroyer. In addition, connections have been found with attacks on industrial targets, such as SCADA systems, as well as the theft of certificates from a Taiwanese manufacturer of industrial hardware and IoT called Advantech.