GreyEnergy APT Delivers Malware via Phishing Attacks and Multi-Stage Dropper

The highly complex backdoor malware payload designed by the GreyEnergy advanced persistent threat (APT) group is being dropped on targeted machines using the common phishing infection vector as detailed by Nozomi Networks’ Alessandro Di Pinto.

GreyEnergy attacked and infiltrated the networks of multiple critical infrastructure targets from Eastern Europe, from Poland and Ukraine, with other objectives probably lined up for future attacks.

According to ESET, GreyEnergy is the most probable successor of the BlackEnergy cyber-espionage group, and it was found to be behind the original deployment of a NotPetya predecessor (dubbed Moonraker Petya), a variant of the Petya ransomware that comes with the extra capability of propagating using the NSA EternalBlue exploit.

Read more…
Source: Softpedia