For the second time in a month the DHS ICS-CERT updated their alert for the Black Energy campaign. Last month the advisory was updated to reflect new information from the Ukraine power outage incident. Today’s update provides revisions of the Yara rules for detecting Black Energy 2 and Black Energy 3 that also detect newer versions of the malware.
ICS-CERT continues to report that they have a more detailed version of this report available for limited distribution. They note that: “Asset owners and operators can request access to this information by emailing firstname.lastname@example.org.”
Today’s update was listed on the ICS-CERT landing page, but you have to have been really alert to have noticed the change in the listing under the “Most Downloaded” section of the page. As I have noted frequently of late, it was also announced on TWITTER®.