https://www.cyberscoop.com/greyenergy-eset-ukraine-sandworm-telebots/
By Sean Lyngaas
CYBERSCOOP
OCT 17, 2018
Ever since the seminal cyberattacks on the Ukrainian power grid in 2015
and 2016, researchers have traced the evolution of the broad set of
hackers behind the attacks in an effort to warn organizations the hackers
might strike next. On Wednesday, analysts from cybersecurity company ESET
added to that body of knowledge in revealing a quieter subgroup of those
hackers that has targeted energy companies in Ukraine and Poland.
ESET has dubbed the group GreyEnergy, a derivative of the original group
of hackers, which have been known as BlackEnergy. Whereas BlackEnergy is
known for the disruptive 2015 attack on the Ukrainian grid that cut power
for roughly 225,000 people, GreyEnergy has to date preferred
reconnaissance and espionage, according to ESET. The group has taken
screenshots of its possible targets, stolen credentials, and exfiltrated
files.
"Clearly, they want to fly under the radar," said Anton Cherepanov, the
company's lead researcher on the case. ESET suspects that BlackEnergy
morphed to GreyEnergy at the end of 2015, after the group grabbed the
world’s attention in the first known cyberattack to cause a blackout.
Other cybersecurity companies refer to the group behind BlackEnergy as
"Sandworm," an outfit that Western governments have attributed to
Russia’s military intelligence directorate. Last week, ESET researchers
published evidence - in the form of custom remote access tools - that
links 2015 and 2016 hacking operations against the Ukrainian grid with
last year’s NotPetya malware outbreak.
[...]