An ESET investigation reveals that the group known for attacking critical infrastructure, and responsible for cutting the power to an entire city, has a new arsenal of tools and is possibly preparing new attacks.
ESET, a leading proactive threat detection company, has uncovered the details of a successor to the BlackEnergy APT group. Named GreyEnergy by ESET, this threat actor focuses on espionage and reconnaissance, possibly in preparation for future cybersabotage attacks.
BlackEnergy has been attacking Ukraine for years and stood out in December 2015, when it caused a blackout that left 230,000 people without electricity, the first blackout caused by a cyberattack. Since that first-of-its-kind incident, ESET researchers have been following these malicious activities to detect an evolution of the threat, which they have called GreyEnergy.
“We’ve seen GreyEnergy involved in attacks on energy companies and other high-value targets in Ukraine and Poland over the past three years,” says Anton Cherepanov, ESET’s senior security investigator who led the investigation. The 2015 attack on Ukraine’s energy infrastructure was the most recent known operation in which the BlackEnergy toolset was used. Subsequently, ESET researchers documented a new APT subgroup, TeleBots.