[ISN] Word up: BlackEnergy SCADA hackers change tactics

www.theregister.co.uk/2016/01/28/blackenergy_tv_station_attack/ By John Leyden The Register 28 Jan 2016 A new BlackEnergy spear-phishing campaign is targeting more Ukrainian firms, including a television channel. A spear-phishing document found by Kaspersky Lab analysts mentions the far-right Ukrainian nationalist political party “Right Sector” and appears to have been used in an attack against a popular television channel in Ukraine. Ukrainian TV station “STB” was previously named as a victim of the BlackEnergy Wiper attacks in October 2015. The Russian-speaking BlackEnergy APT group are notoriously blamed for malware-based attacks against utilities that led to short power outages in the days before Christmas. The BlackEnergy APT group has been actively using spear-phishing emails carrying malicious Excel documents with macros to infect computers in a targeted network since the middle of last year. However, in January this year, Kaspersky Lab researchers discovered a new malicious document which infects the system with a BlackEnergy Trojan. Unlike the Excel documents used in previous attacks, this was a Microsoft Word document. […]