New Malware Targets Industrial Control Systems
A threat group, dubbed GreyEnergy, is targeting industrial control system workstations and servers running supervisory control and data acquisition (SCADA) software. The group targets these systems with the GreyEnergy malware, which is capable of obtaining backdoor access, exfiltrating files, capturing screenshots, logging keystrokes, and stealing credentials. The malware is being used for espionage and reconnaissance activity and currently has no destructive capabilities; however, its modular architecture allows its capabilities to be expanded. Researchers at ESET consider GreyEnergy the successor to the BlackEnergy malware used in the Ukrainian cyber-attack blackout of 2015, and GreyEnergy is linked to the TeleBots group responsible for the NotPetya attack of 2017. GreyEnergy has targeted energy companies in Ukraine and Poland. The NJCCIC recommends that energy and other critical infrastructure companies review the ESET report on GreyEnergy, implement a defense-in-depth cybersecurity strategy, and keep anti-virus/anti-malware software updated with the latest signatures.