The Labs team at SentinelOne recently discovered a sophisticated malware campaign specifically targeting at least one energy company.

The exploit affects all versions of Microsoft Windows and has been developed to bypass traditional antivirus solutions, next-generation firewalls, and even more recent endpoint solutions that use sandboxing techniques to detect advanced malware. The malware is most likely a dropper tool used to gain access to carefully targeted network users; that access is then used to introduce a payload, which could either extract data or insert malware capable of potentially shutting down an energy grid.

Upon discovery, the team reverse engineered the code and believes that, based on the nature, behavior and sophistication of the malware and the extreme measures it takes to evade detection, it likely points to a nation-state sponsored initiative, potentially originating in Eastern Europe.

Update, 14-July: There have been a number of stories published since the posting of this blog that have suggested this attack is specifically targeting SCADA energy management systems. We want to emphasize that we do not have any evidence that this is in fact the case. The focus of our analysis was on the characteristics of the malware, not the attribution or target.