BlackEnergy cyberespionage group adds disk wiper and SSH backdoor to its arsenal

Discussion in 'CSO' started by RSS, Jan 4, 2016.

  1. RSS

    A cyberespionage group focused on companies and organizations in the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server.

    The group is known in the security community as Sandworm or BlackEnergy, after its primary malware tool, and has been active for several years. It has primarily targeted companies that operate industrial control systems, especially in the energy sector, but has also gone after high-level government organizations, municipal offices, federal emergency services, national standards bodies, banks, academic research institutions and property companies.

    Over the past few months, the group has targeted organizations from the media and energy industries in Ukraine, according to security researchers from antivirus vendor ESET. These new operations have brought to light some changes in the group's techniques.

