Mysterious malware designed to cripple industrial systems linked to Russia

The code designed to target industrial control systems joins the pantheon of dangerous malware that can cause cyber-physical harm.

The post Mysterious malware designed to cripple industrial systems linked to Russia appeared first on CyberScoop.

Russian hackers thwarted in attempt to take out electrical grid, Ukrainians say

Russian losses near Kyiv and a looming onslaught in eastern Ukraine may be a factor in the attack, a Ukrainian official said.

The post Russian hackers thwarted in attempt to take out electrical grid, Ukrainians say appeared first on CyberScoop.

From Triton to Stuxnet: Preparing for OT Incident Response

Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic – and how they can prepare for future threats.

GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

The group is a successor to BlackEnergy and a subset of the TeleBots gang–and its activity is potentially a prelude to a much more destructive attack.

GreyEnergy: New malware targeting energy sector with espionage

By Waqas
After BlackEnergy, critical infrastructure around the world is among key targets of the new malware called GreyEnergy. In its recent research, ESET has revealed details of a new group of cybercriminals dubbed as GreyEnergy, which seems to be t…

Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid

Ever since the seminal cyberattacks on the Ukrainian power grid in 2015 and 2016, researchers have traced the evolution of the broad set of hackers behind the attacks in an effort to warn organizations the hackers might strike next.  On Wednesday, analysts from cybersecurity company ESET added to that body of knowledge in revealing a quieter subgroup of those hackers that has targeted energy companies in Ukraine and Poland. ESET has dubbed the group GreyEnergy, a derivative of the original group of hackers, which have been known as BlackEnergy. Whereas BlackEnergy is known for the disruptive 2015 attack on the Ukrainian grid that cut power for roughly 225,000 people, GreyEnergy has to date preferred reconnaissance and espionage, according to ESET. The group has taken screenshots of its possible targets, stolen credentials, and exfiltrated files. “Clearly, they want to fly under the radar,” said Anton Cherepanov, the company’s lead researcher on […]

The post Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid appeared first on Cyberscoop.

Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya

Analysis of a new backdoor program allowed malware researchers to establish clear links between the cyberattacks that led to power outages in Ukraine in 2015 and 2016 and the NotPetya ransomware outbreak. The new backdoor is called Exaramel and is use…

Researchers link tools used in NotPetya and Ukraine grid hacks

New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments say are sponsored by the Russian government. Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of that link, citing a pattern of “backdoors” — or tools for remote access — used by the hackers. In April, ESET researchers found that the group, which they dub TeleBots, was trying to set up a new backdoor. ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of the “Industroyer” backdoor used in the 2016 attack on the Ukrainian power sector, which knocked out an electrical substation outside of Kiev. The 2015 attack on the Ukrainian grid, using the group’s custom BlackEnergy malware, cut power for […]

The post Researchers link tools used in NotPetya and Ukraine grid hacks appeared first on Cyberscoop.

Winter Olympics cyberattacks meant to ‘send a message’

Security researchers say they’ve uncovered a set of hacking tools that were likely used to target and disrupt the Pyeongchang Winter Olympics over the weekend. On Friday, the official 2018 Winter Olympics website went down for several hours, causing a disruption to ticket sales and downloads during the opening ceremony. Localized Wi-Fi networks surrounding the games in South Korea also became temporarily unavailable in the preceding hours. Olympics officials confirmed on Sunday that a cyberattack had hit their systems, but provided few details about the incident. New research published Monday by multiple cybersecurity firms now suggests that a hacking group equipped with “destructive” wiper malware, dubbed “Olympic Destroyer,” may have been behind the disturbance. While various experts have already begun to assess the parties responsible for Olympic Destroyer — blaming nondescript hackers linked to either North Korea, China or Russia — the technical evidence to support such a conclusion is sparse. It’s notoriously difficult […]

The post Winter Olympics cyberattacks meant to ‘send a message’ appeared first on Cyberscoop.
