{"id":47431,"date":"2016-02-05T14:20:36","date_gmt":"2016-02-05T22:20:36","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=47431"},"modified":"2025-05-28T18:41:56","modified_gmt":"2025-05-29T01:41:56","slug":"blackenergy_ukrainian_power_grid","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/","title":{"rendered":"A Case of Mistaken Identity? The Role of BlackEnergy in Ukrainian Power Grid Disruption"},"content":{"rendered":"<p>Recent reports of electricity outages across the Ukraine have led to significant speculation regarding the specific malware that was used to disrupt supplies. McAfee\u2019s approach in understanding this event included making contact with the impacted organization to offer our support and, where possible, retrieving data in order to analyze the true nature of the threat. In this case the impacted organization allowed us to publicly share our findings to benefit the entire industry. Researchers from the Advanced Programs Group (APG) team within McAfee were able to analyze multiple samples that were used in an attack, raising questions regarding the role of BlackEnergy in disrupting the supply of electricity. We would also like to acknowledge the support of our partner BAKOTECH Group in the technical investigation.<\/p>\n<p>This post builds upon our <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/\" target=\"_blank\" rel=\"noopener\">initial blog posting<\/a> that detailed the historical evolution of BlackEnergy.<\/p>\n<h2><strong>It begins with a phish<\/strong><\/h2>\n<p>Our malware &#8220;zoo&#8221; within McAfee Labs contains a wealth of data that can be used to identify the reuse of tools in a particular attack. In this instance we cross-referenced the initial dropper and collected samples that were used by infected systems. 
This was absolutely necessary because the criminal infrastructure used to host the second malware instance was offline when our analysis began. As we began, we identified a number of similarities with previous campaigns that targeted the energy sector.<\/p>\n<p>In March 2015, an email appearing to be from the Supreme Council of Ukraine (Verkhovna Rada of Ukraine) was sent to multiple state institutions in the country. One of the targets in this campaign was a power company situated in the western part of the Ukraine. The spear-phishing email contained an XLS attachment with a macro in it.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-47432\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture1-300x137.jpg\" alt=\"Picture1\" width=\"460\" height=\"210\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture1-300x137.jpg 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture1.jpg 393w\" sizes=\"auto, (max-width: 460px) 100vw, 460px\" \/><\/p>\n<p>Once the document was opened, a macro was executed, the BlackEnergy dropper was created, and the dropper started to download the final BlackEnergy 2\/3 version.<\/p>\n<p>One of the interesting email artifacts was a part of the SMTP header that pointed to the IP address and name of the mail server used to spread the spear-phishing emails.<\/p>\n<p>We received information that, once the attackers were in the network, they compromised a web server and used it as a beachhead for entering a segment of the company\u2019s network. The attackers were using tools that are freely available on the Internet for download, including web shells, tunneling tools, and SSH server tools.<\/p>\n<p>If we compare the previous attack with the BlackEnergy attack on the grid reported in December, we can recognize a number of similarities. First, the attack vector is exactly the same, namely a spear-phishing campaign. 
\u00a0An example of the content of the email follows:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-47433\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture2-300x63.jpg\" alt=\"Picture2\" width=\"629\" height=\"132\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture2-300x63.jpg 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture2.jpg 456w\" sizes=\"auto, (max-width: 629px) 100vw, 629px\" \/><\/p>\n<p>The attachment was a weaponized Excel worksheet containing a dropper. Once launched, the payload was downloaded from a site hosted in the Ukraine.<\/p>\n<p>We investigated the SMTP headers in this case and found that the attack in December leveraged a mail server with the same IP address and name as a server used in the previously described campaign in March. The energy sector was one of the targets in both campaigns.<\/p>\n<p>Besides these files, we also received a package of suspicious files for analysis. These files were part of a web template system called Synio. The Synio template is part of the LiveStreet Content Management System (CMS). LiveStreet is a Russian site that allows for the free download of engines for blogging and social networking. We do not know whether these files were related to the spear-phishing campaign or part of lateral movement. 
However, we noticed references to the Synio template being used on the server that hosted the payload for the dropper: \u201c8080\/templates\/compiled\/synio\/&#8230;\u201d One of the files in the templates was definitely not part of normal content management.<\/p>\n<p>After analysis of this PHP file, we determined that it was a PHP web shell.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-47434\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture3-300x106.jpg\" alt=\"Picture3\" width=\"608\" height=\"215\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture3-300x106.jpg 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture3.jpg 468w\" sizes=\"auto, (max-width: 608px) 100vw, 608px\" \/><\/p>\n<p>These WSO web shells are often used after compromising a server to maintain access. They usually support multiple modules with a variety of features. In this case the shell included the following modules:<\/p>\n<ul>\n<li>Console<\/li>\n<li>SQL Manager<\/li>\n<li>Support for Windows and Linux OS<\/li>\n<li>Server information<\/li>\n<li>File manager<\/li>\n<li>Editing, modifying files<\/li>\n<li>SQL console<\/li>\n<li>PHP console<\/li>\n<li>Network analysis tools<\/li>\n<\/ul>\n<p>Access to the web shell was secured with an easy-to-crack MD5 password.<\/p>\n<p>One interesting feature was the &#8220;search for hash&#8221; option, in which discovered hashes could be sent to certain sites that might have cracked the value for these hashes:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-47435\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture4-300x64.jpg\" alt=\"Picture4\" width=\"581\" height=\"124\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture4-300x64.jpg 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture4.jpg 468w\" sizes=\"auto, (max-width: 581px) 100vw, 581px\" \/><\/p>\n<p>For both the 
March and December attacks, there are some similarities:<\/p>\n<ul>\n<li>Spear phishing using weaponized Office documents.<\/li>\n<li>Email sender is using a valid \u201cinfo\u201d address in the Ukraine.<\/li>\n<li>Same mail provider and server used.<\/li>\n<li>The usage of common backdoor tools.<\/li>\n<li>Sophistication of attacks was low.<\/li>\n<\/ul>\n<p>The use of BlackEnergy for espionage is not new, but prior to the December attack, there was no evidence that earlier campaigns used BlackEnergy for more than stealing confidential information from a victim organization. Although the latest attack included a wiper component, we did not find any evidence that this malware specifically targeted SCADA systems. Therefore, it appears unlikely that the BlackEnergy malware was the direct cause of the outage. It is unclear if a single actor both controlled BlackEnergy and also issued a coordinated shutdown of the electrical system.<\/p>\n<p>Meanwhile, the spear-phishing campaigns in Ukraine appear to have continued into January 2016, using Word documents instead of Excel. Although our information does not yet point to a clear cause, additional details are emerging and our analysis is ongoing. We have greater confidence that the follow-up phishes were from the same group than that this group was responsible for the availability disruption. Not only does this attack show the same modus operandi, but it is also more aligned with the level of technical sophistication that we have seen with BlackEnergy. 
We are continuing our analysis as we receive more samples and will provide more detail in due course.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recent reports of electricity outages across the Ukraine have led to significant speculation regarding the specific malware that was used&#8230;<\/p>\n","protected":false},"author":653,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[76,4452,180,18,4185],"coauthors":[3576,1359],"class_list":["post-47431","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybercrime","tag-cybersecurity","tag-malware","tag-network-security","tag-phishing"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A Case of Mistaken Identity? The Role of BlackEnergy in Ukrainian Power Grid Disruption | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Recent reports of electricity outages across the Ukraine have led to significant speculation regarding the specific malware that was used to disrupt\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Case of Mistaken Identity? 
The Role of BlackEnergy in Ukrainian Power Grid Disruption | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Recent reports of electricity outages across the Ukraine has led to significant speculation regarding the specific malware that was used to disrupt\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-02-05T22:20:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-29T01:41:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Picture1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"393\" \/>\n\t<meta property=\"og:image:height\" content=\"180\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Christiaan Beek, Raj Samani\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChristiaanBeek\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christiaan Beek, Raj Samani\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/\"},\"author\":{\"name\":\"Christiaan Beek\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\"},\"headline\":\"A Case of Mistaken Identity? The Role of BlackEnergy in Ukrainian Power Grid Disruption\",\"datePublished\":\"2016-02-05T22:20:36+00:00\",\"dateModified\":\"2025-05-29T01:41:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/\"},\"wordCount\":986,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture1-300x137.jpg\",\"keywords\":[\"cybercrime\",\"cybersecurity\",\"malware\",\"network security\",\"Phishing\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/\",\"name\":\"A Case of Mistaken Identity? 
The Role of BlackEnergy in Ukrainian Power Grid Disruption | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture1-300x137.jpg\",\"datePublished\":\"2016-02-05T22:20:36+00:00\",\"dateModified\":\"2025-05-29T01:41:56+00:00\",\"description\":\"Recent reports of electricity outages across the Ukraine has led to significant speculation regarding the specific malware that was used to disrupt\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture1-300x137.jpg\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Picture1-300x137.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/blackenergy_ukrainian_power_grid\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee 
Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"A Case of Mistaken Identity? The Role of BlackEnergy in Ukrainian Power Grid Disruption\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\",\"name\":\"Christiaan 
Beek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"caption\":\"Christiaan Beek\"},\"description\":\"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \\\"Hacking Exposed\\\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/christiaanbeek\/\",\"https:\/\/x.com\/ChristiaanBeek\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/653"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=47431"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47431\/revisions"}],"predecessor-version":[{"id":214658,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47431\/revisions\/214658"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=
47431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=47431"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=47431"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=47431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}