This is not the first time that BlackEnergy has been used to attack industrial control systems. In 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the U.S. Department of Homeland Security, warned that multiple companies running HMI (human-machine interface) products from General Electric, Siemens and BroadWin/Advantech had their systems infected with BlackEnergy.
HMIs are software applications that provide a graphical user interface for monitoring and interacting with industrial control systems.
Another recent addition to the group's arsenal is a backdoored version of a SSH server called Dropbear. The ESET researchers have seen the BlackEnergy attackers deploying a variant of this software on compromised machines that had been pre-configured to accept a hard-coded password and key for SSH authentication.
Sign up for CIO Asia eNewsletters.