ESET unmasks "GreyEnergy"
cyber-espionage group

Sophisticated threat actor, linked to previous "BlackEnergy" cyberattacks, targets high-value organizations.

GreyEnergy finally exposed

ESET researchers have just unmasked a new cyber-espionage group, which has been named GreyEnergy. It's the successor to the BlackEnergy group, which terrorized Ukraine in 2015 with the first known successful cyberattack on a power grid, and has since gone underground.

Our researchers have demonstrated beyond doubt that GreyEnergy's malware toolkit – which has targeted multiple companies using industrial control systems in Europe – is capable of infiltrating and controlling entire company networks. It mirrors and improves upon already-sophisticated techniques used in the Ukraine power grid outages and has the potential to spread worldwide.

 

ESET's exposure of GreyEnergy is important for a successful defense against this particular threat actor as well as for better understanding the tactics, tools and procedures of the most advanced APT groups.

Anton Cherepanov, ESET Senior Malware Researcher

Links between BlackEnergy, Industroyer and GreyEnergy

How GreyEnergy works

Compared to BlackEnergy, GreyEnergy is a more modern toolkit with an even greater focus on stealth, which makes it extremely difficult to detect. ESET researchers have demonstrated that GreyEnergy has the capacity to take full control of entire company networks, which puts organizations of all sizes at risk

One basic stealth technique is to push only selected modules to selected targets, and only when needed. In addition, some GreyEnergy modules are partially encrypted and some remain fileless – running only in memory – with the intention of hindering analysis and detection.

To cover their tracks, GreyEnergy's operators securely wipe the malware components from the victims' hard drives.

The modules described in ESET's analysis were used for espionage and reconnaissance purposes and include backdoor, file extraction, taking screenshots, keylogging and password/credential theft.

No matter what your industry or company size, implementing a multilayered security solution is your best defense against this and other malware.

How ESET protects you

The good news is that ESET can fully protect your organization. Our multilayered technology—combining machine learning, human expertise and global threat intelligence—is designed to block exactly this type of new, previously unseen threat.

ESET Enterprise Inspector

Highly customizable endpoint detection and response solution enables granular visibility and identification of anomalous behavior and breaches plus risk assessment, incident response, investigation and remediation.

ESET Dynamic Threat Defense

Powerful cloud-based sandboxing tool evaluates behavior of all submitted samples with threat intelligence feeds, ESET's multiple internal tools for static and dynamic analysis, and reputation data to detect zero-day threats.

ESET Mail Security

Award-winning solution provides powerful server malware protection, spam filtering, anti-phishing and thorough email scanning against all email-borne threats. Compatible with all major email platforms.


ESET has been developing industry-leading security solutions for over 30 years. See an overview of our business products.

Stay safe with ESET

ESET fully protects your organization from GreyEnergy