Posted by Martijn Grooten on Jul 3, 2017
In a blog post published on Friday, ESET researcher Anton Cherepanov provides evidence linking last week's (Not)Petya attacks to the BlackEnergy group; Kaspersky researchers also believe there is some evidence the two are linked, though they say there are only low confidence indicators.
Going back at least a decade, and likely cybercriminal in origin, the BlackEnergy malware family became infamous for its use in targeted attacks against the Ukraine. In a VB2014 last-minute paper (video), Anton Cherepanov and his colleague Robert Lipovsky looked at some of the attacks performed by this group – in their presentation, they made the first public mention of what would later become known as the Sandworm vulnerability (CVE-2014-4114), which was patched after they reported it to Microsoft.
At VB2016, Anton and Robert once again spoke about BlackEnergy, this time providing an overview of the group's attacks. Unfortunately, no video of their talk is available, but the paper ('BlackEnergy – what we really know about the notorious cyber attacks') can be read in both HTML and PDF format.
Many researchers will be looking into the recent attacks against the Ukraine, and you will be pleased to know that in the next few weeks, we will open the call for last-minute papers for VB2017, to fill eight remaining presentation slots on the VB2017 programme.
In the meantime, to guarantee yourself a place at the conference (which takes place 4-6 October in Madrid), don't forget to register!