A new bulletin from the Department of Homeland Security (DHS) warns that since 2011 a growing number of US computers and industrial control systems have become infected by a common malware suite called BlackEnergy.
The BlackEnergy suite uses known exploits in MIPS and ARM systems to insinuate itself, and it can install a wide variety of plugins that would allow it to take control of such systems or steal data, though so far most of the infected systems have not been exploited to any known harm.
Speculation among the computer security community is that the program’s widespread deployment is an effort by some group or groups to see just how much access they can theoretically gain with a comparatively simple piece of malware.
The DHS is, as usual, attempting to blame Russia for the incidents, though the evidence is pretty flimsy at this point. One of the known users of BlackEnergy is a group called Sandworm Team, which got its start targeting government sites in Eastern Europe. This led to speculation that the Sandworm Team might conceivably be working for the Russian government.
But the DHS doesn’t appear to have any specific evidence that Sandworm Team is behind these other attacks, and is simply drawing the connection because the attackers are using the same or similar software suites. It is not uncommon for successful malware suites to be adopted, or improved upon, by copycat groups.