BlackEnergy cyberespionage group adds disk wiper and SSH backdoor to its arsenal

Lucian Constantin | Jan. 5, 2016
The group recently attacked Ukrainian energy distribution and media companies, causing power and data loss.

This is not the first time that BlackEnergy has been used to attack industrial control systems. In 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the U.S. Department of Homeland Security, warned that multiple companies running HMI (human-machine interface) products from General Electric, Siemens and BroadWin/Advantech had their systems infected with BlackEnergy.

HMIs are software applications that provide a graphical user interface for monitoring and interacting with industrial control systems.

Another recent addition to the group's arsenal is a backdoored version of an SSH server called Dropbear. The ESET researchers have seen the BlackEnergy attackers deploying on compromised machines a variant of this software that had been pre-configured to accept a hard-coded password and key for SSH authentication.
