GreyEnergy malware has ‘massive amounts of junk code’ meant to confuse researchers

The investigation of the network of hackers generally associated with the seminal 2015 cyberattack on the Ukrainian power grid continues. A researcher has reverse-engineered malware used by a subgroup of those attackers and found “massive amounts of junk code” meant to throw analysts off the trace. “The threat actors’ broad use of anti-forensic techniques underlines their attempt to be stealthy and ensure that the infection would go unnoticed,” Alessandro Di Pinto, a researcher at industrial cybersecurity company Nozomi Networks, wrote in a paper published Tuesday. The malware Di Pinto analyzed is the handiwork of GreyEnergy, a likely derivative of the hacking group known as BlackEnergy, which Western governments have attributed to Russian military intelligence. (Both the groups and the malware they deployed have been referred to as BlackEnergy and GreyEnergy.) BlackEnergy was behind the first known cyberattack to cause a blackout when 225,000 people lost power in Ukraine in 2015. […]

The post GreyEnergy malware has ‘massive amounts of junk code’ meant to confuse researchers appeared first on CyberScoop.


Two suspected Russian hacking groups share tools and techniques, Kaspersky says

Multiple groups of suspected Russian hackers have a relationship with one another that includes sharing malicious software code and hacking techniques, according to new research. The Moscow-based security vendor Kaspersky Lab on Thursday released findings tying the espionage group GreyEnergy to Zebrocy. Zebrocy is the name researchers have given to a group affiliated with suspected Russian military hackers known as Sofacy (or Fancy Bear, or APT 28), the alleged perpetrator of the hacking of the Democratic National Committee in 2016. Both groups used the same command-and-control servers — the infrastructure that allows hackers to maintain communications with compromised machines — to simultaneously target the same organization, according to Kaspersky. They also sent similar phishing emails disguised as messages from the Ministry of the Republic of Kazakhstan within one week. Our research confirms #GreyEnergy and #Zebrocy shared the C2 server infrastructure and both targeted the same organization almost at the same time. It […]

The post Two suspected Russian hacking groups share tools and techniques, Kaspersky says appeared first on CyberScoop.


GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

The group is a successor to BlackEnergy and a subset of the TeleBots gang, and its activity is potentially a prelude to a much more destructive attack.

BlackEnergy Successor Hits Energy Companies Since 2015

For the past three years, a stealthy cyberespionage group has been targeting energy companies, primarily in Poland and Ukraine, using a new malware framework dubbed GreyEnergy. GreyEnergy is a modular malware platform which, according to researchers…

GreyEnergy: New malware targeting energy sector with espionage

By Waqas
After BlackEnergy, critical infrastructure around the world is among the key targets of the new malware called GreyEnergy. In its recent research, ESET has revealed details of a new group of cybercriminals dubbed GreyEnergy, which seems to be t…