At least three regional power authorities in Ukraine were infected with a highly destructive malware which resulted in a power failure that affected thousands of homes in the Ivano-Frankivsk region last week.
According to Ukraine news sources, the power outage that occured on December 23rd was the result of a malware that disconnected electrical substations. Samples of the code in question were obtained by researchers from the iSIGHT Partners security firm on Monday.
Today, researchers from antivirus provider ESET confirmed that the malware that affected the Ukrainian power authorities is “BlackEnergy”, a malware that was traditional used to conduct espionage on targets in news organizations, power companies, and other industrial groups. Researchers found that this malware, which was originally detected in 2007, has recently been update to include a component called KillDisk. This component allows “BlackEnergy” to destroy critical parts of a computer hard drive and comes with functions that are capable of sabotaging industrial control systems. It also comes with a backdoored secure shell utility (SSH) that gives attackers permanent access to infected computers.
iSIGHT credits the creation of “BlackEnergy” to a group dubbed the Sandworm gang, a group that allegedly has links to the Russia. That said, there is no proof available that directly links the group to the Kremlin.
Source : Ars Technica, Reuters, TSN