Russia, Ukraine, Poland, Lithuania, Belarus, Azerbaijan, Kyrgyzstan, Kazakhstan, Iran, Israel
Social engineering
USB drives
LAN spreading
File infection
Cyberespionage
DDoS
Data theft
Data wiping
The malware has a wide range of targets: power generation site owners, power facilities construction, power generation operators, large suppliers and manufacturers of heavy power-related materials, investors, high-level government, other ICS construction, federal land holding agencies, municipal offices, federal emergency services, space and earth measurement and assessment labs, national standards body, banks, high-tech transportation, academic research.
BlackEnergy is designed to execute "tasks" that are commissioned by its C&C servers and implemented by the plugins. Apart from the Windows plugins, there are known plugins for ARM/MIPS architectures and Tcl scripts for Cisco.
Wide range of targets
Russian-speaking authors
The blog post and research paper are available at Securelist.com