
BlackEnergy evolving to attack new sectors

Trend Micro is reporting that Russian hackers likely attempted to use BlackEnergy malware to attack a mining operation and railway, in addition to taking down two power plants in the Ukraine in December.

Trend Micro Senior Threat Researcher Kyle Wilhoit reached this conclusion after he and a co-worker found samples of BlackEnergy and KillDisk, a disk-wiping malware, within the systems of the mining company and railway. These were similar to samples found in the Ukrainian power plants that were knocked offline, plunging more than 1 million Ukrainians into the dark.

“The possible infections in the mining and railway organizations appear to use some of the same BlackEnergy and KillDisk infrastructure that were seen in the two power facilities attacks,” Wilhoit wrote in a blog post.

This means companies outside the energy sector also need to fear BlackEnergy and prepare to defend themselves against it, he said.

Wilhoit went so far as to say that the successful attacks on the power grid and failed attempts on the other firms were politically motivated.

“While the motivation for the said attacks has been the subject of heavy speculation, these appear to be aimed at crippling Ukrainian public and critical infrastructure in what could only be a politically motivated strike,” he wrote.

CNN reported on Jan. 11 that Elizabeth Sherwood-Randall, deputy energy secretary, specifically named Russia as the actor behind the December cyber attack. The news network cited a person who was familiar with Sherwood-Randall's presentation.

The Ukraine is currently waging a battle against a separatist movement that is being backed militarily by the Russian government.
