| abstract | - In October 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) announced that several industrial control systems had been infected by a variant of a Trojan horse malware program called BlackEnergy. Originally designed for "nuisance spam attacks," the software for BlackEnergy was first reported in 2007 and is designed to target critical energy infrastructure. BlackEnergy is a special concern for critical infrastructure companies because the software is being used in an Advanced Persistent Threat (APT) form ostensibly to gather information. While no attempts to “damage, modify, or otherwise disrupt the victim systems’ control processes were found,” the ICS-CERT alert indicates that this APT variant of BlackEnergy is a special concern because it is a modular malware capable moving through network files onto removable storage media. Hackers are reported to have used the BlackEnergy Trojan horse to deliver plug-in modules used for several purposes, including keylogging, audio recording, and grabbing screenshots. Researchers looking at the BlackEnergy malware are reported to have identified a plug-in that can destroy hard disks, and believe that the attackers will activate the module once they are discovered in order to hide their presence.43
|
