Researchers from ESET yesterday exposed a previously undisclosed threat group that descended from TeleBots, the APT group known for launching the BlackEnergy trojan and NotPetya attacks against Ukraine in recent years.

Dubbed GreyEnergy, the actor is comparable to the BlackEnergy group (which later changed strategies and became known as TeleBots or Sandworm) in that it heavily targets the energy sector and critical infrastructure in Ukraine. But it operates more stealthily, focusing on espionage and reconnaissance operations while using a more modern toolset than its predecessor. It also has a more expansive reach, notably targeting Poland, as well as showing interest in non-energy business sectors, including transportation.

In a company blog post and a corresponding research report, ESET notes that GreyEnergy malware also has a modular design and command-and-control architecture that is highly similar to the BlackEnergy malware that was prominently used in a December 2015 attack against the Ukrainian energy grid, causing widespread blackouts. In fact, ESET says it was around the time of this historic attack that its researchers first detected the GreyEnergy malware framework as an offshoot of BlackEnergy.
