A cyberespionage group focused on companies and organizations in the energy sector recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server.
The group is known in the security community as Sandworm or BlackEnergy, after its primary malware tool, and has been active for several years. It has primarily targeted companies that operate industrial control systems, especially in the energy sector, but has also gone after high-level government organizations, municipal offices, federal emergency services, national standards bodies, banks, academic research institutions and property companies.
Over the past few months, the group has targeted organizations from the media and energy industries in Ukraine, according to security researchers from antivirus vendor ESET. These new operations have brought to light some changes in the group’s techniques.