Hackers are targeting energy companies in Western Europe with a sophisticated form of malware. Cybersecurity researchers from SentinelOne Labs say the malware, which has infected at least one European power company, takes "extreme measures" to avoid detection before it drops its payload, which reports information about the infected network back to a command-and-control server.
The researchers do not name the state they believe is behind the malware, but note that it is of "Eastern European origin" and has traits that point to a nation state: namely the sophistication of the sample and the cost of developing something this advanced.
SentinelOne said the malware was built to run on any device running any version of Microsoft Windows and can evade anti-virus software, firewalls and even newer endpoint products that rely on sandboxing.
The malware can also detect when it is being run inside a sandbox; when it does, it re-encrypts itself and stops executing, in order to evade analysis by security professionals. SentinelOne's researchers had to reverse engineer the sample to examine it at all, which, the company says, again points to serious funding behind its development.
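The article does not describe which checks the sample uses to recognise a sandbox. What a practitioner triaging a suspicious binary usually does first is look for the telltale artifacts of such checks in the file's strings and imports. The following is an added example, not code from the article or from SentinelOne, of a small static-triage scanner that does that over a constructed byte blob; the indicator table is an illustrative set of commonly seen anti-VM and anti-debug artifacts (function names such as `IsDebuggerPresent`, vendor strings such as `VMware`), not a description of this particular malware.

```python
"""
Added example (not the article's or SentinelOne's code): a static-triage
helper that scans a binary blob for string and import artifacts commonly
associated with sandbox, VM and debugger detection.  The indicator table
below is a constructed, illustrative list of well-known artifacts.
"""
import re
from collections import defaultdict

# Constructed indicator table: category -> regex patterns (matched
# case-insensitively against each extracted string).
ANTI_ANALYSIS_INDICATORS = {
    "vm_vendor_strings": [rb"VMware", rb"VBOX", rb"VirtualBox", rb"QEMU", rb"Xen"],
    "sandbox_artifacts": [rb"cuckoo", rb"sandbox", rb"sbiedll\.dll", rb"dbghelp\.dll"],
    "debugger_checks": [rb"IsDebuggerPresent", rb"CheckRemoteDebuggerPresent",
                        rb"NtQueryInformationProcess"],
    "timing_and_env_checks": [rb"GetTickCount", rb"QueryPerformanceCounter",
                              rb"GetSystemInfo", rb"GlobalMemoryStatusEx"],
}


def extract_strings(blob, min_len=5):
    """Return printable ASCII strings and decoded UTF-16LE ("wide") strings
    of at least min_len characters.  Windows binaries keep many registry
    paths and vendor names as wide strings, which a plain ASCII sweep misses."""
    ascii_strings = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    wide_strings = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)
    # Drop the interleaved NUL bytes to get the ASCII form of each wide string.
    return ascii_strings + [w[::2] for w in wide_strings]


def scan_for_anti_analysis(blob):
    """Map each indicator category to the sorted, distinct strings that hit it."""
    hits = defaultdict(set)
    for s in extract_strings(blob):
        for category, patterns in ANTI_ANALYSIS_INDICATORS.items():
            for pattern in patterns:
                if re.search(pattern, s, re.IGNORECASE):
                    hits[category].add(s.decode("ascii", "replace"))
    return {category: sorted(values) for category, values in hits.items()}


def evasion_score(hits):
    """Number of distinct categories hit.  A high score is a signal to detonate
    the sample in a hardened sandbox (or analyse it by hand) rather than trust
    a quiet automated run, since a quiet run may just mean the sample bailed."""
    return len(hits)


# Constructed sample blob standing in for a suspicious PE: a fake header,
# imported API names, a wide-string registry path and a sandbox path.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00IsDebuggerPresent\x00GetTickCount\x00"
    + b"\x01\x02\x03"
    + "SOFTWARE\\VMware, Inc.\\VMware Tools".encode("utf-16le") + b"\x00\x00"
    + b"C:\\cuckoo\\analyzer\x00"
    + b"\xde\xad\xbe\xef" * 4
)

if __name__ == "__main__":
    findings = scan_for_anti_analysis(SAMPLE_BLOB)
    for category, strings in findings.items():
        print(f"{category}:")
        for s in strings:
            print(f"    {s}")
    print(f"evasion score: {evasion_score(findings)}")
```

The scan is deliberately a first pass, not a verdict: a legitimate installer can reference `VMware Tools`, and a sample can hide these strings behind the kind of encryption the article describes, so an empty result is not evidence of a clean file. Its real value is the opposite case, flagging samples whose silence in an automated sandbox should not be taken at face value.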
"The malware has all the hallmarks of a nation state attack due to its extremely high level of sophistication and the cost associated with creating software of this advanced nature," says Udi Shamir, Chief Security Officer at SentinelOne.
"Attacks of this nature require substantial funding and know-how to pull off and are likely to be the result of a state sponsored attack, rather than a cybercriminal group," he adds.
Despite the critical need to protect infrastructure such as power and water supplies from cyberattacks, increasingly sophisticated attackers are leaving it ever more vulnerable.