GreyEnergy Potential Successor of BlackEnergy
October 19, 2018 / Kacy Zurkus
GreyEnergy, a subgroup of the advanced persistent threat (APT) group known as BlackEnergy, has been attacking the energy sector for the past three years, according to ESET. Back in December of 2015, when approximately 230,000 people suffered a blackout after the APT group BlackEnergy attacked a power grid in Ukraine, researchers at ESET reportedly detected another malware framework, which they dubbed GreyEnergy. Since then, the group has been attacking energy companies and other high-value targets in Ukraine and Poland. Unlike other attacks on power grids, the attacks of GreyEnergy have not resulted in mass destruction, which ESET said might be one reason why the APT has not been documented until now. The stealthy attackers have remained undetected while focusing on espionage and reconnaissance, which ESET presumed is an indication that the group is either preparing for future cyber-sabotage attacks or laying the groundwork for an operation run by some other APT group.