We’ve recently detected a new distribution mechanism for BlackEnergy 3 that is actively in use today and affecting SCADA systems across Europe. BlackEnergy has, of course, existed since 2007 and has evolved significantly into a complete rootkit that can perform data exfiltration and network sniffing, among other tasks. In the following write-up, SentinelOne security researchers detail the results of reverse engineering this latest sample, which demonstrates a new delivery tactic that uses Microsoft Office.