BlackEnergy Trojan gets into the system through a vulnerability in Microsoft Office 2013

Information security experts from SentinelOne exposed a new tactic for spreading the BlackEnergy malware, which has been attacking SCADA systems throughout Europe. It turns out that the latest version of this software is distributed together with Microsoft Office, and targets inattentive and careless employees of energy companies, who unintentionally bring the malware into the system.

A team of specialists from SentinelOne conducted reverse-engineering of the malware and found indications that this software is distributed in the manner described above.

BlackEnergy 3 makes use of a vulnerability in Office 2013 that was fixed some time ago, so it may work only on unpatched machines, or in case an employee opens an infected Excel document.

Energy companies are not likely to use outdated software, so the malware is still brought – voluntarily or involuntarily – to such companies by the staff.

If the experts’ conclusion that BlackEnergy is already present in many power systems of European countries turns out to be true, the malware can be used to cause blackouts and other emergency situations, which poses a considerable threat to the power grids.