Kaspersky Lab experts are investigating clues to a possible connection between the ExPetr and BlackEnergy cyberattacks, according to a press statement released by the cyber security company on Tuesday.
“The ExPetr / NotPetya / Petya attack on June 27 is one of the most important cyber incidents this year, but the true motivation of its perpetrators and their goals remain unknown. At the beginning of the ExPetr attack, Kaspersky Lab noticed that the ExPetr extensions list is very similar to that used by the Black Energy Wiper, KillDisk, in 2015 and 2016. Kaspersky Lab researchers have studied Black Energy for many years and are very familiar with this grouping, especially with their industrial attacks,” the statement says.
The company’s researchers have collaborated with Palo Alto Networks to identify similarities that allowed them to look for any possible links between BlackEnergy and ExPetr. The results indicate some similarities in the code design between the two malware families, although this cannot be considered proof of a definite connection.
“As with WannaCry, assignment is very difficult, and finding connections with previous malware is a real challenge. We are extending an invitation to the cybersecurity community to help establish the relationship between BlackEnergy and ExPetr / Petya – or to refute it,” says Costin Raiu, director of Kaspersky Lab’s global research and analysis team.