“Security company ESET reveals that it discovered a new group called TeleBots whose modus operandi is very similar to the one of BlackEnergy. TeleBots are primarily targeting Ukrainian banks, the firm says, and use spear-phishing emails that include malicious Excel documents to infect computers,” according to Softpedia reports.
Systems are infected with malwares which is very similar to the Trojan used by BlackEnergy in its previous attacks against Ukraine.
Attackers also deploy KillDisk, which is a destructive malware that renders the operating system unbootable and which is once again similar to the one used against power grid companies in Ukraine.
Once it infects a system, KillDisk deletes all system files and registers itself as a service, changing the boot screen with a picture from Mr. Robot TV show.
Currently it’s not sure how many of these attacks were successful, but Russian hackers are again believed to be behind the group, just like it happened before when the Ukrainian power grid was taken offline.