The attack was stopped just in time, and the infected computer was isolated

Jan 18, 2016 09:54 GMT

The Ukrainian government has issued a public warning for all system administrators after finding evidence of a cyber-attack against the Boryspil Kiev international airport, the country's largest airport, which handles around 65% of its air traffic.

"Specialists of the State Service of Special Communications prevented a possible hacker attack by Russia," Andriy Lysenko, Presidential Administration Spokesman for the Anti-Terrorist Operation (ATO), is quoted as saying.

"Yesterday, the communications specialists established that one of the workstations at the Boryspil airport was infected by [the] Black Energy virus. The PC was disconnected from the airport's network, and the experts from the CERT-UA group were informed on the incident," the statement also reads (via Interfax).

Black Energy malware used against Ukraine's power grid this Christmas

The Black Energy malware family is the same one detected by the SBU, Ukraine's Security Service, just before Christmas on the computer network of Prykarpattiaoblenergo, a Ukrainian power supply company.

The malware was part of a sophisticated attack against the Ukrainian power grid system, which led to blackouts in the Ivano-Frankivsk, Horodenka, Kalush, Dolyna, Kosiv, Tysmenytsia, Nadvirna, and Yaremche regions.

At the same time as these attacks, a telephony flood was also carried out against the company's call centers.

Black Energy linked to Russian-backed hackers

The malware was later analyzed by ESET, a Europe-based cyber-security vendor, which eventually confirmed that it was involved in the BlackEnergy APT (Advanced Persistent Threat), a known nation-state hacking group with Russian links.

Black Energy is a malware family that specializes in infecting ICS/SCADA (Industrial Control Systems / Supervisory Control And Data Acquisition) systems.

Members of CERT-UA (Computer Emergency Response Team - Ukraine) have also urged system administrators to check their logs for suspicious activity or signs of an infection. A special page has been set up to help sysadmins identify Black Energy malware.