2018: Research highlights from ESET’s leading lights

As the curtain slowly falls on yet another eventful year in cybersecurity, let’s look back on some of the finest malware analysis by ESET researchers in 2018. If you never got the chance to read this year’s investigations by ESET researchers into some of the most dangerous hacker shenanigans in recent years, or if you … More 2018: Research highlights from ESET’s leading lights

GreyEnergy: Updated arsenal of one of the most dangerous threat actors

ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks. Recent ESET research has uncovered details of the successor of the BlackEnergy APT group, whose main toolset was last seen in December 2015 during the first-ever blackout caused by a cyberattack. Around the time … More GreyEnergy: Updated arsenal of one of the most dangerous threat actors

New TeleBots backdoor: First evidence linking Industroyer to NotPetya

ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven. Among the most significant malware-induced cybersecurity incidents in recent years were the attacks against the Ukrainian power grid – which … More New TeleBots backdoor: First evidence linking Industroyer to NotPetya

Analysis of TeleBots’ cunning backdoor

On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was spearheaded by the malware ESET products detect as Diskcoder.C(aka ExPetr, PetrWrap, Petya, or NotPetya). This malware masquerades as typical ransomware: it encrypts the data on the computer and demands $300 bitcoins for recovery. In fact, … More Analysis of TeleBots’ cunning backdoor

TeleBots are back: Supply-chain attacks against Ukraine

The latest Petya-like outbreak has gathered a lot of attention from the media. However, it should be noted that this was not an isolated incident: this is the latest in a series of similar attacks in Ukraine. This blogpost reveals many details about the Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya) outbreak and related information about previously … More TeleBots are back: Supply-chain attacks against Ukraine