As critical infrastructure attacks become a more prominent threat, a mysterious new collective emerges.
Researchers at cybersecurity firm ESET have uncovered details of a successor to the notorious BlackEnergy APT (advanced persistent threat) group. Dubbing the new collective GreyEnergy, ESET said the new threat actor focuses on espionage and reconnaissance, possibly in preparation for future sabotage attacks.
BlackEnergy had been active in Ukraine for a number of years, rising to prominence in December 2015, when the group caused a blackout that left 230,000 people without electricity in the country. Around this time, ESET researchers also began detecting the new GreyEnergy malware framework.
This framework has been used to attack energy companies and other high-value targets in Ukraine and Poland for the past three years. Its appearance also coincided with the apparent disappearance of BlackEnergy. The VPNFilter malware from earlier in 2018 had some shared code with