Researchers at Kaspersky Lab have spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the Black Energy Trojan in Ukraine.
Russian-speaking threat actors in the BlackEnergy APT group have been using malicious Excel and PowerPoint files to spread the group's malware since last year but Kaspersky's Global Research and Analysis Team Director Costin Raiu claimed this was the first time Word documents have been used, according to a Jan. 28 blog post.
Last week, researchers at ESET detected a new wave of cyberattacks on power plants that were based on a freely-available open-source backdoor which is “something no one would expect from an alleged state-sponsored malware operator," ESET researchers said in a Jan. 20 security post.
The BlackEnergy APT group has been actively targeting energy, government and media in Ukraine, and industrial controls systems supervisory control and data acquisition (ICS/SCADA) and energy companies worldwide.