The BlackEnergy APT group grabbed headlines in 2015 after launching a cyber attack on Ukraine’s power industry that left 230,000 people without electricity for several hours. The attack, which occurred two days before Christmas, was one of the biggest cyber attacks on an industrial network in the last few years, and was the first complete power outage caused by a cyber attack.

This week, ESET researchers discovered a previously unknown APT group, which they have dubbed GreyEnergy and which seems to be a BlackEnergy subgroup. Evidence of GreyEnergy activity goes back months, yet so far the group seems to have been working under the radar on espionage and reconnaissance operations (such as file extraction, backdoor installation, keylogging, etc.). This may be in preparation for the next big industrial cyber attack, as the GreyEnergy threat actors have been spotted targeting industrial control systems (ICS) running SCADA software.

 

ThreatSTOP protects customers against GreyEnergy. To ensure you are protected, make sure that the "TS Originated - Core Threats - IPs" and "TS Originated - Core Threats - Domains" targets are enabled.

 
