Replies

Yep, but not to underestimate the threat in general, just this specific instance. I remember someone years ago saying that when you have the unlimited resources of a nation-state behind you, there is really not much that can’t be done.

The whitepaper on this F-Secure site is interesting reading for anyone interested in the “under the hood” stuff: https://www.f-secure.com/en/web/labs_global/whitepapers

Summary:
“In the summer of 2014, we noted that certain
samples of BlackEnergy malware began targeting Ukranian
government organizations for information harvesting. These
samples were identifed as being the work of one group,
referred to in this document as Quedagh, which has a history
of targeting political organizations.
The Quedagh-related customizations to the BlackEnergy
malware include support for proxy servers and use of
techniques to bypass User Account Control and driver
signing features in 64-bit Windows systems. While monitoring
BlackEnergy samples, we also uncovered a new variant used by
this group. We named this new variant BlackEnergy 3.
The use of BlackEnergy for a politically-oriented attack is an
intriguing convergence of criminal activity and espionage. As
the kit is being used by multiple groups, it provides a greater
measure of plausible deniability than is aforded by a custom-
made piece of code.”