REUTERS
The Ukraine government has issued a public warning for all system administrators after finding evidence of a cyber-attack against the Boryspil Kyiv international airport, the country's largest airport, handling around 65% of its air traffic, Softpedia reported.
"Specialists of the State Service of Special Communications prevented a possible hacker attack by Russia," the spokesman of the Presidential Administration for the Anti-Terrorist Operation, Andriy Lysenko, said, according to the article published in Softpedia on Monday.
"Yesterday, the communications specialists established that one of the workstations at the Boryspil airport was infected by [the] Black Energy virus. The PC was disconnected from the airport's network, and the experts from the CERT-UA group were informed on the incident," the statement also reads.
The Black Energy malware family is the same one detected by the SBU, Ukraine's Security Service, just before Christmas on the computer network of Prykarpattiaoblenergo, a Ukrainian power supply company.
Read alsoUkraine utility cyber attack wider than reported: expertsThe malware was part of a sophisticated malware attack against the Ukrainian power grid system, which led to blackouts in the Ivano-Frankivsk, Horodenka, Kalush, Dolyna, Kosiv, Tysmenytsia, Nadvirna, and Yaremche regions.
At the same time as these attacks, a telephony flood was also carried out against the company's call centers.
Read alsoExperts: Russian hackers use same virus in attacks on Ukraine power companies, mediaThe malware was later analyzed by ESET, a European-based cyber-security vendor, who eventually confirmed that it was involved in the BlackEnergy APT (Advanced Persistent Threat), a known nation-state hacking group with Russian links.
Members of CERT-UA (Computer Emergency Response Team - Ukraine) have also urged system administrators to check their logs for suspicious activity or signs of an infection. A special page has been set up to help sysadmins identify Black Energy malware.