Black Energy
-
First known sample
2010 -
Discovery
2013 -
Number of targets
100-1000 -
Current status
Active -
Type
Complex cyberattack platform -
Targeted platforms
Cisco IOS , Linux , Windows -
TOP targeted countries
Azerbaijan , Belarus , Iran , Israel , Kazakhstan , Kyrgyzstan , Lithuania , Poland , Russia , United Arab Emirates
More about the Black Energy malware, its infection chain and capabilities
-
The way of propagation
File infection , LAN spreading , Social engineering , USB cables -
Purpose/Functions
Cyberespionage , DDoS , Data theft , Data wiping -
Special features
The malware has a wide range of targets: power generation site owners, power facilities construction, power generation operators, large suppliers and manufacturers of heavy power related materials, investors, high level government, other ICS construction, federal land holding agencies, municipal offices, federal emergency services, space and earth measurement and assessment labs, national standards body, banks, high-tech transportation, academic research.
-
Targets
Wide range of targets -
Artefacts/Attribution
Russian-speaking authors
-
Description
This malware is well-known for its highly destructive activity. After spear-phishing its way into systems, it’s taken down hard drives, host systems, network equipment, business organizations, worldwide shipping enterprises, ATMS, railways, news media organizations, and electrical grids. It’s also targeted remote server side ICS software and network equipment vulnerabilities.