“The attack on energy facilities on 19-20 January 2016. After the fact”

Incident Response Department, CyS Centrum (CyS-CERT)
Article https://cys-centrum.com/ru/news/attack_on_energy_facilities_jan_ps

No sooner had the country and the industry recovered from the cyber attacks that led to an outage for an impressive number of consumers than something similar and potentially dangerous happened again. On 19 and 20 January 2016, unidentified attackers carried out a targeted "viral distribution" to the e-mail addresses (about 100 recipients) of a large number of energy companies in Ukraine. The tactics were much like those used before, during the already described cyber attacks on the critical information infrastructure of our country: emails, bait documents, macros, droppers, etc.
In this review, intended to once again sharpen the question of the need to improve information security awareness, we propose to examine the course of the attack, the technical details of its implementation, and the measures taken to address the threat and minimize the negative effects.
The "viral delivery" began at the end of the day on January 19, 2016. Acting consistently, the attackers sent the second wave of malicious emails at the start of the day on January 20. When these actions became known among energy companies, NEC "Ukrenergo", concerned that the letters were being sent allegedly on its behalf, made a public statement on its official web site (Fig. 1) [1].