In late December, at least two Ukrainian power companies were hacked, dropping tens of thousands of people into darkness. Experts generally agree that although malware didn’t cause the blackout itself, a cyberattack did play an important role.
By Joseph Cox | MOTHERBOARD
The malware found in affected networks was a variant of BlackEnergy, a Russian-linked program with much humbler cybercrime roots than is suggested by its apparent use in the sabotage of critical infrastructure.
In 2007, “it was available as a crimeware tool” for sale in the digital underground, Artturi Lehtiö, a researcher from cybersecurity company F-Secure, told Motherboard in a phone interview. Because of the malware’s simplicity, graphical user interface, and accompanying help file, pretty much any budding hacker could deploy it with only a minimal set of skills. One screenshot of the software’s point-and-click panel says BlackEnergy was made by a hacker, or group of hackers, called “Crash.”
Nine years ago, BlackEnergy was a relatively basic piece of technology designed to infect computers and add them to a botnet, creating a zombie army of machines ripe for firing distributed-denial-of-service (DDoS) attacks. Researchers found that BlackEnergy went for as little as $40, or even free, and the malware was used to launch attacks on Russian websites.