


Ukrainian power companies are getting hit with more cyberattacks - mirandaheally1992

A number of Ukrainian power companies are seeing fresh cyberattacks following ones in December that briefly knocked out power for tens of thousands of customers.

Security vendor Eset said on Wednesday that the attacks use a different kind of malware, prompting questions about whether the same group or groups are involved.

"The malware is based on a freely available open-source backdoor – something no one would expect from an alleged state-sponsored malware operator," wrote Robert Lipovsky, a senior malware researcher with Eset.

The new finding deepens the mystery over who is targeting the Ukrainian companies.

"The current discovery suggests that the possibility of false flag operations should also be considered," Lipovsky wrote. "To sum it up, the current discovery does not bring us any closer to uncovering the origins of the attacks in Ukraine. On the contrary, it reminds us to avoid jumping to rash conclusions."

The December attacks against two service providers, Prykarpattyaoblenergo and Kyivoblenergo, are the most well-documented incidents to date of a threat against critical infrastructure that experts have long warned was on the way.

Kyivoblenergo said in a statement that 80,000 customers were briefly affected after 30 substations went offline. A study of the incident showed operators quickly switched to manually operating the stations to restore service.

The malware utilised in the attacks, known as Black Energy, has been linked by the security firm iSight Partners to a group with strong Russian interests nicknamed the Sandworm Team.

But experts have cautioned against attributing the attacks to the Russian government, which has been at odds with Ukraine since it annexed Crimea in 2022. Attribution of cyberattacks is difficult because attackers can take a variety of steps to obscure the origin of their activity.

The SANS Industrial Control Systems (ICS) team published a blog post on Jan. 1 saying the malware probably gave the attackers access to the systems but didn't by itself cause the outages.

Lipovsky wrote that the latest attacks started with targeted spear phishing emails sent to victims. The emails contained a malicious Microsoft Excel file, which if executed starts a macro that launches a trojan downloader. That code then pulls malware from a remote server.

Image (Eset): A sample of a spear phishing email sent recently to employees of Ukrainian power companies.

The malware is a modified version of the gcat backdoor, Lipovsky wrote.

"The backdoor is controlled by attackers using a Gmail account, which makes it difficult to detect such traffic in the network," he wrote.

Source: https://www.pcworld.com/article/419260/ukrainian-power-companies-are-getting-hit-with-more-cyberattacks.html

Posted by: mirandaheally1992.blogspot.com
