News-friendly version: BlackEnergy trojan strikes again: Attacks Ukrainian electric power industry
Technical Report by ESET: BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry
Further Reading: SANS Security Blog | Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered
On December 23rd, 2015, around half of the homes in the Ivano-Frankivsk region in Ukraine (population around 1.4 million) were left without electricity for a few hours. According to the Ukrainian news media outlet TSN, the cause of the power outage was a “hacker attack” utilizing a “virus”.
Looking at ESET’s own telemetry, we have discovered that the reported case was not an isolated incident and that other energy companies in Ukraine were targeted by cybercriminals at the same time.
Furthermore, we found that the attackers have been using a malware family we have been watching for quite some time now: BlackEnergy. Specifically, the BlackEnergy backdoor has been used to plant a KillDisk component on the targeted computers; that component would render them unbootable.