Trend Micro is reporting that Russian hackers likely attempted to use BlackEnergy malware to attack a mining operation and railway, in addition to taking down two power plants in Ukraine in December.
Trend Micro senior Threat Researcher Kyle Wilhoit reached this conclusion after he and a co-worker found samples of BlackEnergy and KillDisk, a disk-wiping malware, within the systems of the mining company and railway. These were similar to samples found in Ukrainian power plants that were knocked offline plunging more than a million Ukrainians into the dark.
“The possible infections in the mining and railway organisations appear to use some of the same BlackEnergy and KillDisk infrastructure that were seen in the two power facilities attacks,” Wilhoit wrote in a blog.
This means other companies outside the energy sector need fear and prepare to defend themselves against BlackEnergy, he said.
Wilhoit went so far as to say that the successful attacks on the power grid and failed attempts on the other firms were politically motivated.
“While the motivation for the said attacks has been the subject of heavy speculation, these appear to be aimed at crippling Ukrainian public and critical infrastructure in what could only be a politically motivated strike,” he wrote.
CNN reported on 11 January that Elizabeth Sherwood-Randall, deputy energy secretary, specifically named Russia as the actor behind the December cyber-attack. The news network cited a person who was familiar with Sherwood-Randall's presentation.
Ukraine is currently waging a battle against a separatist movement that is being backed militarily by the Russian government.