ABSTRACT

Security researchers have uncovered a new Stuxnet-like malware named "Havex," which was used in a number of previous cyber-attacks against organizations in the energy sector. In January 2014, the cybersecurity firm CrowdStrike revealed information pertaining to a cyber espionage campaign, dubbed "Energetic Bear," in which hackers, possibly tied to the Russian Federation, penetrated the computer networks of energy companies in Europe, the United States, and Asia. According to CrowdStrike, the malware used in those cyber-attacks was Havex RAT and SYSMain RAT; Havex RAT is possibly itself a newer version of SYSMain RAT, and both tools have been operated by the attackers since at least 2011. It is therefore possible that Havex RAT is linked to Russian hackers or sponsored by the Russian government. Havex RAT is equipped with a new component whose purpose is to gather information about the network and connected devices by leveraging the Open Platform Communications (OPC) standard.