Hackers with alleged ties to Russia have infected three energy and transport companies in Ukraine and Poland with sophisticated malware attacks.
Researchers from the Slovakian IT security firm ESET company uncovered a hacking group called GreyEnergy that is said to be the successor of the BlackEnergy APT group. The last one, according to the ESET, was responsible for the cyber-attack against companies of Ukrainian critical infrastructure that left almost 230,000 people without electricity.
Although ESET doesn’t attribute GreyEnergy’s activities to any state, the United Kingdom and other cyber firms like FireEye and iSight have tied the attacks on Ukraine’s power grid to Russian cyber espionage group and, moreover, Russia’s GRU.
The UK’s National Cyber Security Centre (NCSC) indicated earlier this month that the GRU are associated with the following hacking groups: APT 28; Fancy Bear; Sofacy; Pawnstorm; Sednit; CyberCaliphate; Cyber Berkut; Voodoo Bear; BlackEnergy Actors; STRONTIUM; Tsar Team; Sandworm. These groups were implicated in cyber attacks targeting political institutions, businesses, media and sport in various countries of the world.
Nevertheless, Russia has denied any involvement in the attacks or the hackers.