Analyzing the GreyEnergy Malware: from Maldoc to Backdoor

March 7, 2019 12:45 PM

The APT group GreyEnergy has been targeting industrial networks in Ukraine and other Eastern European countries for the past several years. The advanced persistent threat (APT) group uses stealth attacks to access various elements of ICS. In this session, Nozomi Networks Co-founder Andrea Carcano will tap into the latest research from Nozomi Labs to explain how GreyEnergy’s ability to avoid detection is linked to the way they program their malware. He will detail how GreyEnergy social-engineers its way into ICS networks via phishing emails and how its malware is able to cause damage without detection, and he will share a free tool designed to help facilitate further discovery and analysis within the ICS cyber security community.

Speaker Information

Panelist Information

Gehron “Ronny” Fredericks

Nozomi Networks

Gehron “Ronny” Fredericks is a Senior Technical Engineer at Nozomi Networks. He holds a Master’s degree in Digital Forensics & Cyber Investigation and an additional MBA from UMUC. Ronny has unique OT experience from his time at leading energy provider Exelon Corporation, where he was a Senior Security Analyst in their Security Operations Center. He has also worked closely on the IT side as a developer and technical operations manager in previous roles. Ronny is currently a member of the InfraGard – Maryland Members Alliance and the US Secret Service Electronic Crimes Task Force.