Dridex, Pony, and Neutrino…oh my!

From time to time there is overlap in malware infrastructure, where one attacker compromises another attacker's infrastructure. Typically this falls under the heading of "compromised infrastructure", which changes hands over time, and attackers have even been seen uninstalling one another's malware. In this case, however, we strongly believe that the same actors are experimenting with Dridex, Pony, and Neutrino.

Russian Hacking Group Sandworm Targeted US Before Knocking Out Power In Ukraine

It's not every day that someone turns off the electricity for more than half a million people just by sending an email. In fact, it had never happened until last month, when hackers tricked Ukrainian power plant employees into giving them access to industrial control systems, the equivalent of a switch that regulates electricity flow out of a power plant.

Translation Update: How to Pwn an Electric Company (or Anyone Else, for That Matter)

1/13/2016 Update: The blog has been updated to reflect the translation of the BlackEnergy word document.

On January 4th, ESET released an excellent blog post about the BlackEnergy Trojan being used to attack power companies in Ukraine and knock out power in some areas. While this is not the first time we've seen cyber attacks produce kinetic effects, the BlackEnergy attacks could have been prevented.