Hackers accused of ties to Russia hit 3 E.European companies

by Joseph Anthony

Hackers have infected three energy and transport companies in Ukraine and Poland with sophisticated new malware and may be planning destructive cyber attacks, a software security firm said on Wednesday.


A report by researchers at Slovakia-based ESET did not attribute the hacking activity, recorded between 2015 and mid-2018, to any specific country but blamed it on a group that has been accused by Britain of having links to Russian military intelligence.

The report is the latest to raise suspicions in the West about Russia’s GRU spy agency, accused by London of conducting a “reckless campaign” of global cyber attacks and trying to kill a former Russian spy in England. Moscow denies the charges.

Investigators at ESET said the group responsible for a series of earlier attacks against the Ukrainian energy sector, which used malicious software known as BlackEnergy, had now developed and used a new malware suite called GreyEnergy.

ESET has helped investigate a series of high-profile cyber attacks on Ukraine in recent years, including those on the Ukrainian energy grid which led to power outages in late 2015.

Kiev has accused Moscow of orchestrating those attacks, while U.S. cybersecurity firm FireEye says a group known as Sandworm is thought to be responsible. Britain’s GCHQ spy agency said this month that BlackEnergy Actors and Sandworm are both names associated with the GRU.

“The important thing is that they are still active,” ESET researcher Robert Lipovsky told Reuters. “This shows that this very dangerous and persistent ‘threat actor’ is still active.”

Kremlin spokesman Dmitry Peskov said there was no evidence to support the allegations against the GRU and that Russia does not use cyber attacks against other countries.


“These are just more accusations. We are tired of denying them, because no one is listening,” he said.

After infection via emails laced with malicious weblinks or documents – a tactic known as “spear phishing” – or by compromising servers exposed to the internet, GreyEnergy allowed the attackers to map out their victim’s networks and gather confidential information such as passwords and login credentials, ESET said.

Lipovsky said his team then saw the hackers seek out critical parts of the companies’ systems, including computers which ran industrial control processes.

“It is my understanding that this was the reconnaissance and espionage phase, potentially leading up to cyber sabotage,” he said.

GLOBAL HACKING CAMPAIGN

The ESET report did not name the three companies infected in Ukraine and Poland, and Reuters was unable to identify them.

Ukraine’s Cyber Police confirmed the attacks on two Ukrainian companies but declined to give any further details. Poland’s Internal Security Agency declined to comment.


Ben Read, a senior manager on FireEye’s espionage analysis team, said his own work corroborated ESET’s report and that the Sandworm group was probably responsible.

The activity “is similar to the group we track as Sandworm,” he said. “And activity that we attribute to Sandworm has been named by the U.S. Department of Justice as being the GRU.”

Western countries including Britain and the United States issued a coordinated denunciation of Russia as a “pariah state” this month for what they described as a global hacking campaign run by the GRU.

GRU hackers have targeted institutions ranging from sports anti-doping bodies to a nuclear power company and the world chemical weapons watchdog, they said, as well as releasing the devastating “NotPetya” cyber worm which caused billions of dollars of damage worldwide in 2017.


The GRU, now formally known in Russia by a shorter acronym GU, is also accused by Britain of carrying out a nerve agent attack in England on former GRU officer Sergei Skripal. Moscow’s relations with the West have hit a post-Cold War low over Russia’s role in the conflicts in Ukraine and Syria.

Lipovsky and fellow ESET researcher Anton Cherepanov said the BlackEnergy attackers’ decision to upgrade to the new GreyEnergy malware may have been motivated by a need to cover their tracks and deflect attention from their activities.

The power outages triggered by the BlackEnergy attacks in Ukraine in December 2015 drew international attention and are recognised as the first blackout caused by a cyber attack.

“Threat actors need to switch up their arsenal from time to time,” Lipovsky said.

Chijos News is an independent online publication that provides readers with the latest breaking Nigerian news, world news, entertainment, sports, business, and many more.

@2024 – Chijosnews.com. All Rights Reserved.