The BlackEnergy hackers, who earlier compromised the Ukrainian energy system and cut off power at several local utilities, are likely behind a new series of cyberattacks targeting banks, according to Softpedia.
Security company ESET reveals that it discovered a new group called TeleBots whose modus operandi is very similar to that of BlackEnergy. TeleBots is primarily targeting Ukrainian banks, the firm says, and uses spear-phishing emails that include malicious Excel documents to infect computers, Softpedia reports.
Systems are infected with a backdoor which is very similar to the Trojan used by BlackEnergy in its previous attacks against Ukraine.
Eventually, the attackers also deploy KillDisk, destructive malware that renders the operating system unbootable and is once again similar to the one used against power grid companies in Ukraine.
Once it infects a system, KillDisk deletes system files and registers itself as a service, changing the boot screen to a picture from the Mr. Robot TV show.
At the moment, it's not yet clear how many of these attacks were successful, if any, but Russian hackers are again believed to be behind the group, just as happened before when the Ukrainian power grid was taken offline.