GreyEnergy malware threatens critical infrastructure since 2015
ESET researchers Anton Cherepanov and Robert Lipovsky have published a study revealing details of a new malicious actor nicknamed GreyEnergy, who appears to be the successor to BlackEnergy.
The first attack by this group would have been registered by a Polish electricity company at the end of 2015, but most cyberattacks have been concentrated in Ukraine, as was the case with BlackEnergy. In addition to the electricity sector, other critical infrastructure, such as public transport, would have been affected.
Cyberthreat combines elements not only from BlackEnergy, but also from Industroyer. In addition, connections have been found with attacks on industrial targets, such as SCADA systems, as well as the theft of certificates from a Taiwanese manufacturer of industrial hardware and IoT called Advantech.
References:
- 17/10/2018 welivesecurity.com GreyEnergy: uno de los actores maliciosos más peligrosos cuenta con un arsenal actualizado
- 17/10/2018 cyberscoop.com Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid
- 17/10/2018 hackread.com GreyEnergy: New malware targeting energy sector with espionage
- 17/10/2018 elespanol.com GreyEnergy, la nueva gran ciberamenaza que podría tumbar el sistema eléctrico