Researchers link tools used in NotPetya and Ukraine grid hacks

New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments have linked to the Russian government. Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of those ties, citing a pattern of “backdoors” —  or tools for remote access  — used by the hackers. In April, ESET researchers found that the group, which they dub TeleBots, was trying to set up a new backdoor. ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of the “Industroyer” backdoor used in the 2016 attack on the Ukrainian power sector, which knocked out at electrical substation outside of Kiev. The 2015 attack on the Ukrainian grid, using the group’s custom BlackEnergy malware, cut power for … Continue reading Researchers link tools used in NotPetya and Ukraine grid hacks