GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

The group is a successor to BlackEnergy and a subset of the TeleBots gang, and its activity is potentially a prelude to a much more destructive attack.

BlackEnergy Successor Hits Energy Companies Since 2015

For the past three years, a stealthy cyberespionage group has been targeting energy companies, primarily from Poland and Ukraine, using a new malware framework dubbed GreyEnergy. GreyEnergy is a modular malware platform which, according to researchers…

Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya

Analysis of a new backdoor program allowed malware researchers to establish clear links between the cyberattacks that led to power outages in Ukraine in 2015 and 2016 and the NotPetya ransomware outbreak. The new backdoor is called Exaramel and is use…

Global ransomware attacks tiptoed around Russian anti-virus products

Those responsible for two of the largest ransomware attacks of 2017 designed their malware to carefully handle computers with Russian anti-virus products installed, security researchers have told CyberScoop. For the third time in less than six months, a ransomware-style cyberattack spread across Eastern Europe in a matter of hours. The attack, dubbed “BadRabbit,” infected computers inside Ukrainian and Russian government agencies, Ukrainian transportation facilities and Russian news outlets, among other targets, causing a disruption in normal business operations that continues for some to this day. Although most of BadRabbit’s impact occurred in Russia, there’s evidence that the malware compromised organizations in several countries other than Ukraine, including Japan and Turkey. The virus, when successfully installed, will encrypt files and then request a payment in the form of Bitcoin from victims in order to unlock their systems. Experts say there’s likely more to the story than a simple ransom collection. An investigation into […]

The post Global ransomware attacks tiptoed around Russian anti-virus products appeared first on Cyberscoop.


Early evidence suggests ties between Russian hackers and ‘BadRabbit’ attack

A software toolkit used in an expansive cyberattack that affected hundreds of organizations across Eastern Europe Tuesday has been linked to a hacking group known as BlackEnergy APT or Telebots, security researchers tell CyberScoop. This threat actor was also responsible for a similar attack dubbed “NotPetya” which largely affected Ukraine and was designed to wipe data from computers rather than collect ransoms when it was executed in June. Experts say BlackEnergy APT acts in the interests of the Kremlin. In the past, the group has repeatedly attacked Ukrainian organizations, including the country’s critical infrastructure sector. The latest variant of ransomware flooding across Europe is named “BadRabbit.” It requires that victims infected with the malware send bitcoin to an anonymous digital wallet in order to unlock their systems — until payment is received, affected computers remain largely unusable. “It appears that the two [ransomware] attacks are connected,” said Costin Raiu, director of the Global Research […]

The post Early evidence suggests ties between Russian hackers and ‘BadRabbit’ attack appeared first on Cyberscoop.


Maersk may lose up to $300M due to NotPetya attack

The world’s largest container shipping company, A.P. Moller-Maersk, has said that it expects as much as a $300 million dip in profits due to a June 27 ransomware incident, the firm noted in a public report released Wednesday. Maersk executives said they expected losses of between $200 million and $300 million — which will be reflected in the next earnings report — because of a “significant business interruption” caused by the spread of a ransomware variant known as NotPetya inside corporate networks. The disclosure was attached to Maersk’s second-quarter earnings report. Public companies are required to publicly update their investors on the state of the business once every fiscal quarter. While NotPetya was engineered to look like ordinary ransomware, the virus held hidden code that would delete files on an infected computer. Ransomware is not typically designed to be destructive. In most cases, ransomware operators hope to encrypt files on […]

The post Maersk may lose up to $300M due to NotPetya attack appeared first on Cyberscoop.


Early indications point to Sandworm hacking group for global ransomware attack

The main suspect behind the recent global ransomware attack is a hacking group with suspected ties to Russia and a history of launching destructive computer viruses, according to research conducted by Czech cybersecurity firm ESET. The company has pegged the attack to a group known as Telebots or Sandworm. “The TeleBots group continues to evolve in order to conduct disruptive attacks against Ukraine. Instead of spearphishing emails with documents containing malicious macros, they used a more sophisticated scheme known as a supply-chain attack,” writes Anton Cherepanov, a senior malware researcher with ESET, in a blog post. “The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware’s spreading capabilities.” While the spread of so-called PetrWrap or NotPetya turned into global news as thousands of computers were locked down by the virus, the incident plays into a larger and already established narrative of hackers repeatedly using wiper malware and defunct ransomware, […]

The post Early indications point to Sandworm hacking group for global ransomware attack appeared first on Cyberscoop.
