GreyEnergy Description

The GreyEnergy APT (Advanced Persistent Threat) is believed to be the successor of the largely destructive hacking group known as the BlackEnergy APT. There are several reasons why cybersecurity experts believe these two hacking groups to be related:

  • The GreyEnergy hacking group emerged about the same time as the BlackEnergy APT vanished from the world of cybercrime.
  • Both the GreyEnergy and BlackEnergy APTs tend to operate with flexible, light-weight hacking tools that are modified and controlled easily.
  • Most of the efforts of both hacking groups are concentrated in Poland and Ukraine.
  • They both tend to target critical sectors like industrial or energy-related institutions.
  • The infrastructure built and used by both GreyEnergy and BlackEnergy APT seems to be very closely related.

Changing Approaches

However, the individuals who appear to be behind both these hacking groups seem to have changed their tactics. For the most part, BlackEnergy was known for its very destructive tendencies and seemed to care little about hiding its tracks or laying on the down-low. This is in utter contrast to the approach that the GreyEnergy APT has taken. They are much more careful about remaining under the radar of malware researchers, and the threats they propagate are less noisy and destructive. It has been noticed that many of the campaigns carried out by the GreyEnergy group involve a mini backdoor Trojan, which is used as a gateway for the attackers to plant a more potent threat on the infiltrated host. To ensure their threats operate as silently as possible, the GreEnergy APT has been utilizing fileless malware. Furthermore, the GreyEnergy hacking group has been working on several ‘malware wipers.’ These tools enable the malware operators to erase any traces of harmful activity that may remain on the victim’s system.

In the past, the BlackEnergy group aimed to wreak havoc, while the GreyEnergy APT that is operational today concentrates on spying campaigns mostly. Once the GreyEnergy group infiltrates a system, they are likely to stay on the down-low and collect information from the host via recording keystrokes, taking screenshots of the desktop, siphoning files of interest, collecting documents, gathering login credentials, and other data. Sometimes, instead of using privately developed hacking tools, the GreyEnergy APT would utilize publicly available genuine applications such as Mimikatz, WinExe, PsExec, Nmap, etc.

It is interesting to see a hacking group changing tactics so radically. Taking a much quieter approach was likely done so that the individuals involved in this would be able to continue their operations and minimize the chances of getting caught by the authorities. We will continue to hear about the activities of the GreyEnergy APT in the future, probably.

Do You Suspect Your PC May Be Infected with GreyEnergy & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like GreyEnergy as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.