The advanced persistent threat (APT) actor behind the recent attacks targeting Ukraine has started delivering BlackEnergy malware using specially crafted Word documents with embedded macros. BlackEnergy malware, which is leveraged by one or multiple groups, has become increasingly sophisticated and its operators have been using it to target energy and ICS/SCADA companies from across the world. A recent campaign involving BlackEnergy malware has been seen targeting Ukraine’s critical infrastructure. A coordinated attack launched against the country’s energy sector in December resulted in power outages in the Ivano-Frankivsk region. Investigators found BlackEnergy malware on infected systems, along with a destructive plugin known as KillDisk that is designed to delete data and make systems inoperable. However, experts believe the malware is not directly responsible for the outages, and instead it only helped attackers cover their tracks and make it more difficult to restore service.
View full story
ORIGINAL SOURCE: Security Week