January 6, 2016
A highly destructive Trojan (detected by Symantec as Trojan.Disakil), reportedly used in recent attacks against the Ukrainian energy sector, was also used earlier against media targets in the same country. Symantec telemetry confirms that several computers in a major Ukrainian media company were compromised by Disakil in late October and may have been destroyed by the malware.
One computer at the media company was compromised by a new variant of the BlackEnergy Trojan (detected by Symantec as Backdoor.Lancafdo). The attackers appear to have used this infection to retrieve administrator credentials and used them to execute Disakil on a number of computers. Communication from these computers halted after Disakil was executed, suggesting that it succeeded in wiping them and rendering them inoperable.
The group behind the BlackEnergy Trojan is known as Sandworm and has a history of targeting organizations in Ukraine. It has also been known to attack NATO, a number of Western European countries, and companies operating in the energy sector.