Hackers allegedly linked to Russian military intelligence are accused of infecting three energy and transport companies in Ukraine and Poland with sophisticated new malware, Reuters reports.
The claims: The companies, which have not been named, were infected with a new type of malicious software called GreyEnergy between 2015 and mid-2018, according to a researchers at Slovakian IT security firm ESET. They believe it was developed by the same group behind a series of high-profile cyberattacks on Ukraine in recent years, called Sandworm, using malware called BlackEnergy. “The important thing is that they are still active,” ESET researcher Robert Lipovsky told Reuters. “This shows that this very dangerous and persistent ‘threat actor’ is still active.”
Attribution: The UK’s spy agency GCHQ said this month that Sandworm and BlackEnergy are both names associated with the GRU, Russia’s military intelligence body (it has recently rebranded to GU). It’s an allegation that has been flatly denied by the Kremlin.
Diplomatic tensions: These claims come during a period of particularly poor relations between Russia and the West, in the aftermath of a nerve attack on former GRU officer Sergei Skripal in England that the UK alleges was carried out by Russian agents.