NEW DELHI, INDIA: Researchers at ESET have found a
connection between the recent cyber-attacks against energy companies in
Ukraine in December 2015 and the attacks on media and Ukrainian
government agencies. Analysing the KillDisk malware used in the attacks,
ESET researchers found out that the new variant of this malware
contained some additional functionality for sabotaging industrial
systems.
The BlackEnergy backdoor trojan is modular and employs various downloadable components to carry out specific tasks. In 2014, it was used in a series of cyber-espionage attacks against high-profile, government-related targets in Ukraine. In the recent attacks against electricity distribution companies, a destructive KillDisk trojan was downloaded and executed on systems previously infected with the BlackEnergy trojan.
The first known link between BlackEnergy and KillDisk was reported by the Ukrainian cyber-security agency, CERTUA, in November 2015. In that instance, a number of news media companies were attacked at the time of the 2015 Ukrainian local elections. The report claims that a large number of video materials and various documents have been destroyed as a result of the attack.
The KillDisk variant used in the recent attacks against Ukrainian
power distribution companies also contained some additional
functionality. In addition to being able to delete system files to make
the system unbootable – functionality typical for such destructive
trojans – this particular variant contained code specifically intended
to sabotage industrial systems. “Apart from the regular KillDisk
functionality, it would also try to terminate processes that may belong
to a platform commonly used in Industrial Control Systems,” said Anton
Cherepanov, Malware researcher at ESET.
No comments:
Post a Comment