Cyber security of ICS e SCADA systems in the critical infrastructure is essential, these components are a privileged target of cyber criminals and state sponsor hackers.
The most popular SCADA attack in the history is the one conducted against control systems in the Iranian nuclear plant in Natanz with the Stuxnet malware.
Stuxnet is considered the first cyber weapon used by stop the US/Israeli Government to the Iranian nuclear programme.
Other malware were later designed to target systems managed by the company in the energy industry, Havex, Shamoon and BlackEnergy are some examples of this malware.
A few days ago I have written about the discovery of a new variant of the BlackEnergy malware made by experts at ESET, which provided details of the new campaign that targeted Ukrainian news media and electric industry in 2015.
Now experts at ESET discovered a new component in the BlackEnergy trojan, the KillDisk component, which is capable of destroying some 4000 different file types and rendering machines unbootable.
“ESET has recently discovered that the BlackEnergy trojan was recently used as a backdoor to deliver a destructive KillDisk component in attacks against Ukrainian news media companies and against the electrical power industry. ” states the blog post published by ESET.
The experts speculate that hackers run a spear phishing campaign across the Ukrainian power authorities to spread the destructive variant to the BlackEnergy leveraging on Microsoft Office documents.
The attribution of the attack is not simple, we are only aware that the BlackEnergy malware has a Russian origin and that Russian has a political dispute with the Ukraine that had repercussion also on the cyberspace.
I fear we will witness to other similar attacks in the future, and this is very disturbing.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(Security Affairs – BlackEnergy Trojan, Information Warfare, power outage)