
Network of a European Energy Company Found Containing Sophisticated Malware


Security researchers have discovered a recent malware campaign targeting European energy companies. The sample's sophistication and its extensive capabilities for evading security detection are such that the researchers consider it a nation-state sponsored initiative, and they suspect it was developed by engineers in Eastern Europe.

Researchers at SentinelOne Labs say the malware, which has infected at least one energy company in Europe, takes "extreme measures" to evade detection before dropping its payload, which is used to report information about the infected network back to a command-and-control server.

Attackers have targeted power companies before, notably the cyberattack on the Ukrainian power grid that caused blackouts in December 2015.

ZDNet reported on July 12th, 2016 that the researchers do not name the state behind the malware, but say it is of "Eastern European origin" and has characteristics suggesting the work of a nation state: specifically, the sophistication of the sample and the cost of developing something so advanced.

The malware's code is encrypted in a way that makes it hard to analyze and detect. Beyond evading security detection, it can disable and uninstall antivirus products. After gaining administrative privileges, it conducts a detailed survey of the network, reports the results to its operators, and then awaits further instructions.

The malware was designed to proceed with extreme caution when running on systems that use technically advanced verification measures, such as fingerprint scanners and facial recognition.

The malware then elevates the existing user to the local administrators group and proceeds with its normal behavior. According to SentinelOne, the sample, which it calls Furtim's Parent, is a dropper: a type of malware normally used to download more potent threats.
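Two of the behaviours described above, an account being elevated into the local Administrators group and an antivirus product being disabled, both leave traces in standard Windows event logs. The following is an added example of detection logic for that pattern; it is not code from the article or from SentinelOne, the event records are constructed (not real telemetry from the incident), and the list of security-product name hints is an assumption to be extended for your own estate. It uses Windows Security event 4732 (member added to a security-enabled local group) and System event 7036 (a service changed state) and correlates them per host within a short window.

```python
"""Added detection sketch (not from the article or SentinelOne): correlate an
account being added to the local Administrators group (Security EventID 4732)
with a security service stopping (System EventID 7036) on the same host."""
from datetime import datetime, timedelta

# Constructed sample events; field names mirror the relevant log fields.
SAMPLE_EVENTS = [
    {"ts": "2016-07-12T09:00:01", "host": "hmi-01", "id": 4732,
     "group": "Administrators", "member": "OPS\\svc_hist"},
    {"ts": "2016-07-12T09:00:40", "host": "hmi-01", "id": 7036,
     "service": "Windows Defender Antivirus Service", "state": "stopped"},
    {"ts": "2016-07-12T09:03:12", "host": "hmi-01", "id": 7036,
     "service": "Print Spooler", "state": "stopped"},
    {"ts": "2016-07-12T11:30:00", "host": "eng-07", "id": 4732,
     "group": "Remote Desktop Users", "member": "OPS\\jdoe"},
    {"ts": "2016-07-13T08:00:00", "host": "eng-07", "id": 7036,
     "service": "Symantec Endpoint Protection", "state": "stopped"},
]

# Assumed substrings that identify security products; extend for your environment.
SECURITY_SERVICE_HINTS = ("defender", "antivirus", "endpoint protection",
                          "mcafee", "kaspersky", "sophos", "crowdstrike")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def is_admin_group_add(ev):
    """True for a 4732 event whose target group is the local Administrators group."""
    return ev["id"] == 4732 and ev.get("group", "").lower() == "administrators"


def is_security_service_stop(ev):
    """True for a 7036 'stopped' event naming a known security product."""
    if ev["id"] != 7036 or ev.get("state") != "stopped":
        return False
    name = ev.get("service", "").lower()
    return any(h in name for h in SECURITY_SERVICE_HINTS)


def correlate(events, window=timedelta(minutes=10)):
    """Return (host, admin_add_event, service_stop_event) triples where a
    security service stopped on the same host within `window` after an
    account was added to the local Administrators group."""
    hits = []
    adds = [e for e in events if is_admin_group_add(e)]
    stops = [e for e in events if is_security_service_stop(e)]
    for a in adds:
        for s in stops:
            if s["host"] != a["host"]:
                continue
            delta = parse_ts(s["ts"]) - parse_ts(a["ts"])
            if timedelta(0) <= delta <= window:
                hits.append((a["host"], a, s))
    return hits


if __name__ == "__main__":
    for host, a, s in correlate(SAMPLE_EVENTS):
        print(f"[ALERT] {host}: {a['member']} added to {a['group']} at {a['ts']}, "
              f"then '{s['service']}' stopped at {s['ts']}")
```

On the constructed sample only hmi-01 fires: the Print Spooler stop is not a security product, and on eng-07 the group change is to Remote Desktop Users rather than Administrators, so the later Symantec stop has nothing to pair with. In practice the group-membership check should also cover the well-known SID S-1-5-32-544 rather than the localized group name, and the window should be tuned to your environment.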

SentinelOne's technical analysis of the threat indicates clearly that this is not the work of a typical cybercrime syndicate. Rather, it is the work of a nation-state sponsored group with sufficient time and resources to develop a tool for specific environments (those that deploy biometrics), and one that puts an extraordinary degree of effort into remaining undetected.

» SPAMfighter News - 7/20/2016
