Analyzing the GreyEnergy Malware: from Maldoc to Backdoor

March 7, 2019 12:30 PM

The APT group GreyEnergy has been targeting industrial networks in Ukraine and other Eastern European countries for the past several years. The advanced persistent threat (APT) group uses stealth attacks to access various elements of ICS. In this session, Nozomi Networks Co-founder Andrea Carcano will tap into the latest research from Nozomi Labs to explain how GreyEnergy’s ability to avoid detection is linked to the way they program their malware. He will detail how GreyEnergy social engineers their way into ICS networks via phishing emails and how their malware is able to cause damage without detection, and will share a free tool designed to help facilitate further discovery and analysis within the ICS cyber security community.

Speaker Information

Panelist Information

Andrea Carcano


Andrea is an expert and international leader in industrial network security, artificial intelligence and machine learning. He co-founded Nozomi Networks in 2013 with the goal of delivering a next-generation cyber security and operational visibility solution for industrial control networks. As Chief Product Officer, Andrea defines the vision for Nozomi’s products and is the voice of the customer within the organization. In this role he draws on his real-world experience as a senior security engineer with Eni, a multinational oil and gas company, as well as his academic research. With a passion for cyber security that began in high school, Andrea went on to study the unique challenges of securing industrial control systems. His Ph.D. in Computer Science from Università degli Studi dell’Insubria focused on developing software that detected intrusions to critical infrastructure control systems. His Master’s in Computer Science from the same institution involved creating malware designed to take advantage of the lack of security in some SCADA protocols and analyzing the consequences. Andrea has published a number of academic papers, including one describing an early example of malware targeting SCADA systems.