
Struggling power stations in the Ukraine are being targeted again with backdoors


January 21, 2016

Several struggling power stations and substations in the Ukraine are being targeted again with backdoors in attacks possibly linked to those fingered for recent blackouts in the country.

The phishing attacks are attempting to get backdoors installed on utility company computers using techniques similar to those seen in the BlackEnergy attacks.

'BlackEnergy' ripped through Ukrainian utilities in what is largely considered the root cause of mass power outages on December 23rd in the Prykarpattya Oblenergo and Kyivoblenergo utility systems.

Power was cut to some 80,000 customers for 6 hours, and Ukraine's national security service has pointed the finger at the Kremlin.

Now the power utilities are being served malicious Microsoft XLS files, which attempt to execute the open source GCat backdoor, a technique that has been used in many other attacks of the same type.

Just a few days ago, there was a cyber attack at Kiev's main airport. Several services were down over the weekend. The incident sparked a renewed warning from Ukraine's Computer Emergency Response Team (CERT-UA) about further so-called 'BlackEnergy' malware-based attacks.

ESET threat man Robert Lipovsky says recipients are urged to execute macros and are then served a Trojan downloaded from a remote server.

"This backdoor worm is able to download executables and trigger nasty shell-commands on the fly," said Lipovsky.

"Other GCat backdoor functionality, such as making screenshots, keylogging, or uploading of specific files, was removed from the source code.

"To be sure, the backdoor is controlled by remote attackers using a simple Gmail account, which makes it difficult to detect such traffic on the network," asserted Lipovsky.

He added that the attacks should not necessarily be blamed on Russia, nor with complete certainty on any other actor or nation since it's still premature to point any finger.

Many internet security researchers are currently working in tandem on threat intelligence and forensics in the wake of the Ukrainian BlackEnergy attacks.

Source: Ukraine's Computer Emergency Response Team.
