ESET researchers discover links between two major cybersecurity attacks: NotPetya and Industroyer

Researchers at ESET recently discovered evidence linking the infamous cybercriminal group TeleBots to Industroyer, the most powerful modern malware targeting industrial control systems and the culprit behind the electricity blackout in Ukraine’s capital Kiev in 2016.

TeleBots was behind the global outbreak of the disk-wiping malware NotPetya, which disrupted business operations across the globe in 2017, and the biggest-ever malware-enabled blackout in Ukraine in 2015 (dubbed BlackEnergy), which left hundreds of thousands of people without electricity.

“Speculations about the connection between Industroyer and TeleBots emerged shortly after Industroyer hit the Ukrainian power grid,” said ESET Researcher Anton Cherepanov, who led both the Industroyer and NotPetya research investigations. “However, no supporting evidence was publicly known – until now.”

In April 2018, ESET discovered fresh activity from the TeleBots group: an attempt to deploy a new backdoor, which ESET detects as Exaramel. ESET’s analysis suggests that this backdoor is an improved version of the main Industroyer backdoor – the first actual piece of evidence linking Industroyer to TeleBots.

“The discovery of Exaramel shows that the TeleBots group is still active in 2018 and the attackers keep improving their tools and tactics. We will continue to monitor the activity of this group,” concludes Cherepanov.

To learn more about the evidence linking Industroyer to TeleBots, please read the article on ESET’s blog, WeLiveSecurity.

*Note for editors: when ESET Research describes cyberattacks and tracks cybercriminal groups, it is drawing connections based on technical indicators such as code similarities, shared Command & Control infrastructure, malware execution chains and other evidence. Since ESET is not involved in on-the-ground investigations and forensics, we are not speculating on any potential nation-state attribution for these attacks.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit or follow us on LinkedIn, Facebook and Twitter.


Media Contact:

Veronica Bart, Veritas Communications 647-330-5724