Black Energy

  • First known sample

    2010
  • Discovery

    2013
  • Number of targets

    100-1000
  • Current status

    Active
  • Type

    Complex cyberattack platform
  • Targeted platforms

    Cisco IOS, Linux, Windows
  • TOP targeted countries

    Azerbaijan, Belarus, Iran, Israel, Kazakhstan, Kyrgyzstan, Lithuania, Poland, Russia, United Arab Emirates
  • The way of propagation

    File infection, LAN spreading, Social engineering, USB cables
  • Purpose/Functions

    Cyberespionage, DDoS, Data theft, Data wiping
  • Special features
    The malware has a wide range of targets: power generation site owners, power facilities construction, power generation operators, large suppliers and manufacturers of heavy power-related materials, investors, high-level government, other ICS construction, federal land holding agencies, municipal offices, federal emergency services, space and earth measurement and assessment labs, national standards body, banks, high-tech transportation, academic research.
  • Targets

    Wide range of targets
  • Artefacts/Attribution
    Russian-speaking authors
  • Description

    This malware is well known for its highly destructive activity. After spear-phishing its way into systems, it has taken down hard drives, host systems, network equipment, business organizations, worldwide shipping enterprises, ATMs, railways, news media organizations, and electrical grids. It has also targeted vulnerabilities in remote server-side ICS software and network equipment.
