One payload observed by the SentinelOne researchers was used to gather information from infected systems and to send it back to a command-and-control server. This was most likely a reconnaissance tool, but the dropper could also be used to download components designed to extract sensitive data or to perform destructive actions.
Energy production and distribution companies are an attractive target for state-sponsored cyberattackers because their systems can potentially be used to cause physical damage. This is what happened in December in Ukraine, when hackers used malware to break into utilities and cause large-scale blackouts.