Industroyer2 in Perspective

Background On 12 April 2022, the Ukrainian CERT and ESET disclosed the existence of Industroyer2, a successor to the malware targeting Ukrainian electric distribution and transmission operations in 2016. Industroyer2 arrived after multiple disruptive cyber incidents of varying degrees of success surrounding Russia’s brutal invasion of Ukraine, as presented in Read more…

Lights Out in Isfahan

Iranian security company Amnpardaz Soft published an intriguing report on 28 December 2021 concerning a firmware-level rootkit in HP Integrated Lights Out (iLO) products. While frustratingly containing no Indicators of Compromise (IOCs) – not so much for defensive purposes, but for validating research and independently analyzing artifacts – the report Read more…

Terrorism or Information Operation?

On 09 December 2020, details emerged concerning network infrastructure I’d previously identified as suspicious on 07 December: Further research and investigation showed that the domains in question – which were relocated from “.org” to “.us” infrastructure – were hosting “kill lists” comprising politicians, civil servants, and employees of Dominion Voting Read more…

The Enigmatic Energetic Bear

“Energetic Bear” (also known as Dragonfly, Crouching Yeti, etc. etc.) has been in the news lately given a recent series of intrusions targeting local government and critical infrastructure entities in the United States. While the group has gained attention recently, its activities go back at least a decade with the Read more…