Trusted Design

BlackEnergy by the SSHBearDoor

概要

The cybercriminal group behind BlackEnergy, the malware family that has been around since 2007 and has made a comeback in 2014 (see our previous blog posts on Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland and BlackEnergy PowerPoint Campaigns, as well as our Virus Bulletin talk on the subject), was also active in the year 2015. ESET has recently discovered that the BlackEnergy trojan was recently used as a backdoor to deliver a destructive KillDisk component in attacks against Ukrainian news media companies and against the electrical power industry. In this blog, we provide details on the BlackEnergy samples ESET has detected in 2015, as well as the KillDisk components used in the attacks. Furthermore, we examine a previously unknown SSH backdoor that was also used as another channel of accessing the infected systems, in addition to BlackEnergy.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

• 20160119: Ukraine Power Industry Cyberattacks (score: 0.81)
• BlackEnergy APT Attacks in Ukraine employ spearphishing Word (score: 0.79)
• New wave of cyberattacks against Ukrainian power industry (score: 0.78)
• Domains and Hostnames from the BlackEnergy report (score: 0.77)
• Updated BlackEnergy Trojan Grows More Powerful (McAfee) (score: 0.73)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る