{"id":6116,"date":"2018-07-12T13:10:42","date_gmt":"2018-07-12T13:10:42","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=541649"},"modified":"2018-07-12T13:10:42","modified_gmt":"2018-07-12T13:10:42","slug":"the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/","title":{"rendered":"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/07\/160405134619-power-grid-custom-gs-780x439-300x169.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt=\"\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/07\/160405134619-power-grid-custom-gs-780x439-300x169.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/07\/160405134619-power-grid-custom-gs-780x439-768x432.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/07\/160405134619-power-grid-custom-gs-780x439-640x360.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/07\/160405134619-power-grid-custom-gs-780x439-440x248.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/07\/160405134619-power-grid-custom-gs-780x439-380x214.jpg 380w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/07\/160405134619-power-grid-custom-gs-780x439.jpg 780w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"\/><\/p>\n<p>At recent Industrial IoT security briefings, the Aurora vulnerability has come up repeatedly. Attendees ask, \u201cIs our country\u2019s power grid safe? How can we protect the grid? What is Aurora?\u201d This post provides a look at Aurora, and the BlackEnergy attack that can exploit Aurora.<\/p>\n<p>In March 2007, the US Department of Energy demonstrated the Aurora vulnerability. (See this video from CNN of the actual test: <a href=\"https:\/\/www.youtube.com\/watch?v=fJyWngDco3g\">https:\/\/www.youtube.com\/watch?v=fJyWngDco3g<\/a>). What is happening?<\/p>\n<p>An electric generator spins an electromagnet (the rotor) inside a coil of wire (the stator) to create electric power. The energy spinning the rotor can come from falling water in a hydroelectric power dam, from burning oil in a diesel generator, from steam created by nuclear fission in a nuclear power plant, or from the wind in a windmill. That electric power feeds the power grid for distribution to homes and businesses.<\/p>\n<p>Other generators are also feeding the same grid. In the US, the power on the grid is 60 cycle alternating current. That means the voltage changes from its positive to its negative voltage sixty times per second. As long as the generator is in phase with the rest of the grid, its power will smoothly contribute to the total power of the grid. If the generator gets out of phase, that is, if its output is not synchronized with the power of the grid, the generator is working against the entire power of the rest of the grid.<\/p>\n<p>DoE\u2019s experiment used a 2.25 MW diesel generator. The Aurora vulnerability allows an attacker to disconnect the generator from the grid just long enough to get slightly out of phase with the grid, and then reconnect it. This desynchronization puts a sudden, severe strain on the rotor, which causes a pulse of mechanical energy to shake the generator, damaging the bearings and causing sudden increases in temperature. By disconnecting and reconnecting the generator\u2019s circuit to the grid, the Aurora vulnerability led to the generator\u2019s destruction in about three minutes.<\/p>\n<p>In this test, though, the separate attack cycles (opening the breaker then closing it again) were not continuous. The DoE wanted to get readings from the generator as the attack progressed. In the wild, an attack would take much less time.<\/p>\n<p><strong>Mitigating the Aurora attack<\/strong><\/p>\n<p>To keep generators from self-destructing, the manufacturers build in safety systems that do not allow a generator to reconnect to the grid if it has been disconnected for 15 cycles (\u00bc of a second). Some generators may use mechanical relays. More commonly, the safety systems are software-controlled. For monitoring and operations, these systems are network-connected.<\/p>\n<p>The separate open\/close cycles in the Aurora attack take less than \u00bc second. The attack happens before the safety systems can react.<\/p>\n<p>At present, the mitigations in place are inadequate to mitigate the Aurora attack.<\/p>\n<p><strong>Enter BlackEnergy<\/strong><\/p>\n<p>BlackEnergy is a Trojan that can launch DDoS attacks, download custom spam, and steal banking credentials. Trend Micro\u2019s Security Intelligence Blog posted a detailed description of the malware in this article in February 2016: <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/killdisk-and-blackenergy-are-not-just-energy-sector-threats\/\">https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/killdisk-and-blackenergy-are-not-just-energy-sector-threats\/<\/a>. This malware has evolved since it was first detected in 2007. An updated variant was observed in 2010. In Nov 2015 BlackEnergy was discovered in attacks against power, mining, and rail companies in Ukraine, including the Dec 23, 2015 attack that cut power to 225,000 people.<\/p>\n<p>The attack used BlackEnergy, delivered through phishing emails directed at employees and others involved with the target companies. The payload included the KillDisk malware, which attackers used to disable boot capabilities on target systems. This prevented their restoration, blocked remote access to systems, and rendered Uninterruptable Power Supply (UPS) systems useless. It also disrupted Serial-to-Ethernet devices. This damage delayed recovery considerably. Most systems could not be used until their firmware had been restored.\u00a0 See <a href=\"https:\/\/ics-cert.us-cert.gov\/alerts\/IR-ALERT-H-16-056-01\">https:\/\/ics-cert.us-cert.gov\/alerts\/IR-ALERT-H-16-056-01<\/a> from the US Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (DHS ICS-CERT).<\/p>\n<p><strong>Attack, Response, and Mitigation<\/strong><\/p>\n<p>The attack against Ukraine succeeded because the attackers completed comprehensive reconnaissance over months. They knew the specific equipment in use at each facility, they established backdoors in Human-Machine Interface (HMI) devices at those facilities, and they understood the recovery protocols and procedures at those facilities. They knew that disabling the Serial-to-Ethernet devices would make remote management impossible, stretching personnel to maintain operations and slowing remediation and recovery. They knew which UPSs to disable and how. They were prepared to lock operators out of their consoles (personnel reported that the cursors on the screens moved and could not be interrupted by the keyboard or mouse at the console).<\/p>\n<p>Most importantly, the attackers did not fully exploit the Aurora vulnerability. No generators were destroyed. Power was restored in hours. If generators had been destroyed, recovery could have taken months. Most large generators are custom-built, not sold from inventory. Rebuilding the power grid would have been months and cost millions of dollars. And further, destroying the generators would have been an act of war. The attack was a threat.<\/p>\n<p>The US power grid is equally vulnerable. Power distribution and generation organizations must segment their networks. Scan for malware. Maintain and analyze logs. Prepare for contingencies. Lock down systems. Isolate insecure devices.<\/p>\n<p>What do your think? Post a comment below, or tweet me <a href=\"https:\/\/twitter.com\/WilliamMalikTM\">@WilliamMalikTM.<\/a><\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At recent Industrial IoT security briefings, the Aurora vulnerability has come up repeatedly. Attendees ask, \u201cIs our country\u2019s power grid safe? How can we protect the grid? What is Aurora?\u201d This post provides a look at Aurora, and the BlackEnergy attack that can exploit Aurora. In March 2007, the US Department of Energy demonstrated the&#8230;<br \/>\nThe post The Aurora Power Grid Vulnerability and the BlackEnergy Trojan appeared first on . Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":6117,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[1986,1987,125,307],"class_list":["post-6116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-aurora-power-grid","tag-blackenergy-trojan","tag-critical-infrastructure","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Aurora Power Grid Vulnerability and the BlackEnergy Trojan 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-12T13:10:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"169\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan\",\"datePublished\":\"2018-07-12T13:10:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/\"},\"wordCount\":886,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg\",\"keywords\":[\"Aurora Power Grid\",\"BlackEnergy Trojan\",\"Critical Infrastructure\",\"Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/\",\"name\":\"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg\",\"datePublished\":\"2018-07-12T13:10:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg\",\"width\":300,\"height\":169},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Aurora Power Grid\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/aurora-power-grid\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/","og_locale":"en_US","og_type":"article","og_title":"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-07-12T13:10:42+00:00","og_image":[{"width":300,"height":169,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan","datePublished":"2018-07-12T13:10:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/"},"wordCount":886,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg","keywords":["Aurora Power Grid","BlackEnergy Trojan","Critical Infrastructure","Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/","url":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/","name":"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg","datePublished":"2018-07-12T13:10:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan.jpg","width":300,"height":169},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/the-aurora-power-grid-vulnerability-and-the-blackenergy-trojan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Aurora Power Grid","item":"https:\/\/www.threatshub.org\/blog\/tag\/aurora-power-grid\/"},{"@type":"ListItem","position":3,"name":"The Aurora Power Grid Vulnerability and the BlackEnergy Trojan"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/6116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=6116"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/6116\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/6117"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=6116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=6116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=6116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}