Press Center

ESET Researchers Discover Links Between Major Cybersecurity Attacks

Created: 2018-11-14 10:17:45

ESET, the leader in cybersecurity research and a top European Union-based endpoint security company, has discovered evidence linking the infamous cybercriminal group TeleBots to Industroyer, the most powerful modern malware targeting industrial control systems and the culprit behind the electricity blackout in Ukraine’s capital, Kiev, in 2016. 

TeleBots demonstrated its prowess with NotPetya, the disk-wiping malware that disrupted global business operations in 2017, and its ties with BlackEnergy, which was deployed in the first-ever malware-enabled blackout in Ukraine in 2015 (predating the Industroyer-induced blackout by one year).

“Speculation about the connection between Industroyer and TeleBots emerged shortly after Industroyer hit Ukraine’s power grid,” says ESET researcher Anton Cherepanov, who led both the Industroyer and NotPetya research investigation. “However, no supporting evidence was publicly recognized – until now.”

In April 2018, ESET discovered fresh activity from the TeleBots group: an attempt to deploy a new backdoor, which ESET detects as Exaramel. ESET’s analysis suggests that this backdoor is an improved version of the main Industroyer backdoor – the first piece of evidence linking Industroyer to TeleBots. 

 “The discovery of Exaramel shows that the TeleBots group is still active in 2018 and the attackers keep improving their tools and tactics,” concludes Cherepanov. “We will continue to monitor the activity of this group.” 

 To learn more about the evidence linking Industroyer to TeleBots, please read the article (link) at ESET’s blog, WeLiveSecurity.

 Note for editors: When ESET Research describes cyberattacks and tracks cybercriminal groups, it is drawing connections based on technical indicators such as code similarities, shared Command & Control infrastructure, malware execution chains and other evidence. Since ESET is not involved in on-the-ground law-enforcement or intelligence investigations, we are not speculating on any potential nation-state attribution for these attacks. 

Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.