Tuesday, 23 September 2014

BlackEnergy: Trojan attacks Ukraine and Poland

ESET is following a trojan that targeted a large number of state organizations and private businesses in Ukraine and Poland. BlackEnergy is designed for remote code execution and for collecting data from targets’ hard drives.

BlackEnergy is a trojan that has undergone significant functional changes since it was first analysed in 2007. The BlackEnergy malware family has served many purposes throughout its history, including DDoS attacks, spam distribution, and bank fraud. The malware variants that we have tracked in 2014 – both of BlackEnergy and of BlackEnergy Lite – have been used in targeted attacks.

We have observed over a hundred individual victims of these campaigns during our monitoring of the botnets. Approximately half of these victims are situated in Ukraine and half in Poland, and include a number of state organizations and various businesses.

The spreading campaigns that we have followed have used either technical infection methods through exploitation of software vulnerabilities, social engineering through spear-phishing emails and decoy documents, or a combination of both.

The full text and images about the BlackEnergy trojan are available here.