GreyEnergy malware has ‘massive amounts of junk code’ meant to confuse researchers

The investigation of the network of hackers generally associated with the seminal 2015 cyberattack on the Ukrainian power grid continues. A researcher has reverse-engineered malware used by a subgroup of those attackers and found “massive amounts of junk code” meant to throw analysts off the trail.

“The threat actors’ broad use of anti-forensic techniques underlines their attempt to be stealthy and ensure that the infection would go unnoticed,” Alessandro Di Pinto, a researcher at industrial cybersecurity company Nozomi Networks, wrote in a paper published Tuesday.

The malware Di Pinto analyzed is the handiwork of GreyEnergy, a likely derivative of the hacking group known as BlackEnergy, which Western governments have attributed to Russian military intelligence. (Both the groups and the malware they deployed have been referred to as BlackEnergy and GreyEnergy.) BlackEnergy was behind the first known cyberattack to cause a blackout, when 225,000 people lost power in Ukraine in 2015. […]

The post GreyEnergy malware has ‘massive amounts of junk code’ meant to confuse researchers appeared first on CyberScoop.