Alias: Black Energy, BlackEnergy, ELECTRUM, GreyEnergy, Iron Viking, Quedagh, Sandworm, Sandworm Team, TEMP.Noble, TeleBots, Voodoo Bear
ATK14 (aka BlackEnergy, Sandworm) is a group of attackers of Russian origin, active since at least 2008. The group is extremely active and skilled, and is well known for the BlackEnergy and NotPetya campaigns. It appears to correspond to unit 74455 (Main Center for Special Technologies).
In early 2022, the group appears to have been responsible for the attempted attack on a Ukrainian energy provider using Industroyer2.
BlackEnergy is malware allegedly created in 2006-2007. It was originally used to launch DDoS attacks, and was used against Georgia and Estonia in large campaigns that took down governmental and banking websites. The attacker reportedly sold the source code for $700. Several actors then used the malware, continuing DDoS attacks against Georgia. Around 2014, a group created SCADA and ICS plugins for BlackEnergy in order to target the manufacturing and energy sectors worldwide. This group is the one named ATK14.