Russia-Related Hackers Infect East European Energy, Transport Companies: Report


    Three energy and transport companies in Ukraine and Poland have been infected by hackers with sophisticated new malware, with destructive cyberattacks possibly planned, a software security firm said on Wednesday, according to Reuters.

    A report by researchers at Slovakia-based firm ESET did not attribute the hacking activity, recorded between 2015 and mid-2018, to any specific country but blamed it on a group that has been accused by Britain of having links to Russian military intelligence.

    Russia’s GRU spy agency has been accused by London of conducting a “reckless campaign” of global cyberattacks and trying to kill a former Russian spy in England. Moscow denies the charges.

    Investigators at ESET said the group responsible for a series of earlier attacks against the Ukrainian energy sector, which used malicious software known as BlackEnergy, had now developed and used a new malware suite called GreyEnergy.

    ESET has helped investigate a series of high-profile cyberattacks on Ukraine in recent years, including those on the Ukrainian energy grid which led to power outages in late 2015.

    Kiev has accused Moscow of orchestrating those attacks, while U.S. cybersecurity firm FireEye says a group known as Sandworm is thought to be responsible. Britain’s GCHQ spy agency said this month that BlackEnergy Actors and Sandworm are both names associated with the GRU.

    “The important thing is that they are still active,” ESET researcher Robert Lipovsky told Reuters. “This shows that this very dangerous and persistent ‘threat actor’ is still active.”

    According to Kremlin spokesman Dmitry Peskov, there was no evidence to support the allegations against the GRU and that Russia does not use cyberattacks against other countries. “These are just more accusations. We are tired of denying them because no one is listening,” he said.

    After infection via emails laced with malicious weblinks or documents – a tactic known as “spear phishing” – or by compromising servers exposed to the internet, GreyEnergy allowed the attackers to map out their victim’s networks and gather confidential information such as passwords and login credentials, ESET said.