The GreyEnergy APT (Advanced Persistent Threat) is believed to be the successor of the largely destructive hacking group known as the BlackEnergy APT. There are several reasons why cybersecurity experts believe these two hacking groups to be related:
- The GreyEnergy hacking group emerged about the same time as the BlackEnergy APT vanished from the world of cybercrime.
- Both the GreyEnergy and BlackEnergy APTs tend to operate with flexible, lightweight hacking tools that are easily modified and controlled.
- Most of the efforts of both hacking groups are concentrated in Poland and Ukraine.
- They both tend to target critical sectors like industrial or energy-related institutions.
- The infrastructure built and used by both GreyEnergy and BlackEnergy APT seems to be very closely related.
However, the individuals who appear to be behind both these hacking groups seem to have changed their tactics. For the most part, BlackEnergy was known for its very destructive tendencies and seemed to care little about hiding its tracks or keeping a low profile. This is in stark contrast to the approach that the GreyEnergy APT has taken. They are much more careful about remaining under the radar of malware researchers, and the threats they propagate are less noisy and destructive. Many of the campaigns carried out by the GreyEnergy group have been observed to involve a mini backdoor Trojan, which serves as a gateway for the attackers to plant a more potent threat on the infiltrated host. To ensure their threats operate as silently as possible, the GreyEnergy APT has been utilizing fileless malware. Furthermore, the GreyEnergy hacking group has been working on several ‘malware wipers.’ These tools enable the malware operators to erase any traces of harmful activity that may remain on the victim’s system.
In the past, the BlackEnergy group aimed to wreak havoc, while the GreyEnergy APT that is operational today concentrates mostly on espionage campaigns. Once the GreyEnergy group infiltrates a system, they are likely to keep a low profile and collect information from the host by recording keystrokes, taking screenshots of the desktop, siphoning files of interest, collecting documents, gathering login credentials, and harvesting other data. Sometimes, instead of using privately developed hacking tools, the GreyEnergy APT utilizes publicly available legitimate applications such as Mimikatz, WinExe, PsExec, Nmap, etc.
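Because the group reuses legitimate, publicly available tools, a defender's first detection opportunity is often the process-creation telemetry that names them. The following is an added example, not code from the original article or from any GreyEnergy analysis: it runs a small watchlist derived from the tools named above over constructed, Sysmon-style process-creation records, matching on the PE `OriginalFileName` as well as the on-disk image name so that a simply renamed copy is still flagged. The field names, sample paths and hostnames are assumptions made for the example.

```python
# Added example (not from the original page): flag process-creation events that
# name the publicly available tools the article says GreyEnergy repurposes
# (Mimikatz, WinExe, PsExec, Nmap). All records below are constructed.

# Watchlist keyed by the binary name the tool is known under. PsExec and WinExe
# also drop a service binary on the remote host, so those names are included.
WATCHLIST = {
    "mimikatz.exe": "Mimikatz (credential dumping)",
    "psexec.exe": "PsExec (remote command execution)",
    "psexesvc.exe": "PsExec service binary on target host",
    "winexesvc.exe": "WinExe service binary on target host",
    "nmap.exe": "Nmap (network scanning)",
}

# Constructed sample events shaped like Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    # Renamed copy: on-disk name is innocuous, PE version resource is not.
    {"Image": r"C:\Users\alice\AppData\Local\Temp\update.exe", "OriginalFileName": "mimikatz.exe",
     "CommandLine": "update.exe privilege::debug sekurlsa::logonpasswords"},
    {"Image": r"C:\Tools\PsExec.exe", "OriginalFileName": "psexec.c",
     "CommandLine": r"PsExec.exe \\fileserver01 -s cmd.exe"},
    {"Image": r"C:\Windows\PSEXESVC.exe", "OriginalFileName": "psexesvc.exe",
     "CommandLine": "PSEXESVC.exe"},
    {"Image": r"C:\Program Files\Nmap\nmap.exe", "OriginalFileName": "nmap.exe",
     "CommandLine": "nmap.exe -sS 10.0.0.0/24"},
]


def _basename(path: str) -> str:
    # Sysmon records Windows paths with backslashes regardless of host OS.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_tool_use(events):
    """Return (event_index, tool_label, renamed) for each event on the watchlist.

    'renamed' is True when the match came only from OriginalFileName, i.e. the
    tool was running under a different on-disk name."""
    findings = []
    for i, ev in enumerate(events):
        image = _basename(ev.get("Image", ""))
        original = ev.get("OriginalFileName", "").lower()
        for key, label in WATCHLIST.items():
            if image == key or original == key:
                findings.append((i, label, image != key))
                break
    return findings
```

On real telemetry the watchlist is a starting point only; a tool compiled from source or stripped of its version resource will not carry the expected `OriginalFileName`, so pair this with behavioural rules (for example, service installations with unexpected binaries).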
It is interesting to see a hacking group change tactics so radically. The much quieter approach was likely adopted so that the individuals involved could continue their operations while minimizing the chances of getting caught by the authorities. We will probably continue to hear about the activities of the GreyEnergy APT in the future.