
GreyEnergy: Welcome to 2019

In early January, an interesting malware sample was disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation.

Figure 1. Possible GreyEnergy sample

This kind of threat, previously analyzed by third-party firms, shares similarities with the infamous BlackEnergy malware, used in the attacks against the Ukrainian energy industry back in 2015.

The Cybaze-Yoroi ZLAB researchers dissected this new sample to investigate its attribution.

Background – Past Research

According to a recent ESET report, GreyEnergy malware is part of the new cyber arsenal of the BlackEnergy APT group, whose main toolset was last seen back in 2015 during the Ukraine power grid cyber-attack. It typically spreads through two different vectors:

  1. perimeter breach, for instance by compromising a company’s websites;
  2. spear-phishing emails and malicious attachments.

The GreyEnergy implant is also known as the “FELIXROOT” backdoor: FireEye researchers published a technical article on...(continued)
