Weaponized Malware BlackEnergy Suspected to Have Hit Ukraine Power Company

Ongoing Campaign Damages Accrue to Hundreds of Millions of Dollars

Jan 04, 2016, 13:45 ET from CyberX

PALO ALTO, California, January 4, 2016 /PRNewswire/ --

As detailed in SOCPRIME's report, BlackEnergy was used again in the massive attack that hit the entire media industry in the Ukraine during the elections 2 months ago. Now it is also suspected to be the root cause of the Crimea power cut on the day before Christmas Eve.

The report provides details regarding the backdoor component of the malware, stating that BlackEnergy was planted "months ahead before the elections date". The publication also credits the CyberX report published by DarkReading in May 2015 "warning that there might be more undiscovered BlackEnergy components". That report detailed the exfiltration of data from ICS networks, which is considered highly valuable and acts as a "necessary step before starting a large scale operation". The attack on the Ukraine media industry is considered an example of this type of large scale operation.

CyberX's research into the attack on the Ukraine media has produced additional information beyond ESET's report, such as the formatting of the drives and the resetting of the host. Further information missing from ESET's report is the potential method of operation used by the attacker of the Ukraine Power Company. This method, not yet authorized for publication, is in the process of proper disclosure.

As the research into this campaign is underway, involving security giants such as ESET and Kaspersky, additional discoveries are due to be published soon, shedding light on the attackers' motives and level of sophistication. Regardless of how this plays out, it is estimated that the damages resulting from the ongoing BlackEnergy campaigns have accrued to hundreds of millions of dollars, ranging from the latest sabotage during the Ukraine elections to the exfiltration of data from defense contractors and energy firms, and the alleged attack on the Ukraine Power Company.

Contact information:

Yael Beeri