Russian BlackEnergy malware targeting European countries

Discussion in 'malware problems & news' started by Minimalist, Sep 24, 2014.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    OK so the conclusion is that stuff like UEFI Secure Boot, PatchGuard and Driver Signing Policy have indeed made it harder to develop stealthy kernel-mode rootkits. :thumb:

    From the article:

    "There could be several reasons behind this trend, ranging from the technical obstacles that rootkit developers now face, like Windows system driver signing requirements, UEFI Secure Boot – which will be covered by Eugene Rodionov, Aleks Matrosov and David Harley in their VB2014 presentation Bootkits: past, present & future – to the simple fact that it is difficult and expensive to develop such malware. Also, any bugs in the code have a bad habit of blue-screening the system. All the while, possibly even raising suspicion of the presence of malicious code rather than hiding it in the system."
     
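The post above names UEFI Secure Boot and driver signing enforcement as the platform controls that make kernel-mode rootkits harder to deploy. The following PowerShell script is an added example, not code from the thread or from any of the linked articles, that reports the state of those controls on a Windows host so a defender can confirm they are actually in force. It assumes a Windows 8 or later machine with the built-in SecureBoot module and an elevated session; the function name `Get-KernelIntegrityReport` is the author's own choice here.

```powershell
# Added example: report whether the protections discussed above are active.
# Assumes Windows 8+ (SecureBoot module available) and an elevated session.
# PatchGuard itself exposes no query interface, so it is not checked here.

function Get-KernelIntegrityReport {
    # UEFI Secure Boot state. Confirm-SecureBootUEFI throws on legacy BIOS
    # firmware, so report that case explicitly instead of failing.
    try {
        $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        $secureBoot = 'N/A (legacy BIOS or unsupported firmware)'
    }

    # Driver signing enforcement is weakened by two boot options in the
    # active BCD entry: testsigning and nointegritychecks. Both are common
    # ways unsigned kernel code is made loadable, so they are worth flagging.
    $bcd = bcdedit /enum '{current}' 2>$null
    $testSigning = ($bcd | Select-String -Pattern '^testsigning\s+Yes' -Quiet)
    $noIntegrity = ($bcd | Select-String -Pattern '^nointegritychecks\s+Yes' -Quiet)

    # Installed PnP drivers whose signature status is reported as not signed.
    # Note: Win32_PnPSignedDriver covers PnP drivers, not every loaded kernel
    # module, so treat this as a first pass rather than a complete inventory.
    $unsigned = Get-CimInstance Win32_PnPSignedDriver |
        Where-Object { $_.IsSigned -eq $false } |
        Select-Object DeviceName, DriverProviderName, InfName

    [pscustomobject]@{
        SecureBootEnabled       = $secureBoot
        TestSigningEnabled      = [bool]$testSigning
        IntegrityChecksDisabled = [bool]$noIntegrity
        UnsignedDriverCount     = @($unsigned).Count
        UnsignedDrivers         = $unsigned
    }
}

$report = Get-KernelIntegrityReport
$report | Format-List

# Any one of these conditions means the controls the thread credits with
# suppressing rootkits are not fully in force on this host.
if ($report.TestSigningEnabled -or $report.IntegrityChecksDisabled -or
    $report.UnsignedDriverCount -gt 0) {
    Write-Warning 'Driver signing enforcement is weakened on this host; review the entries above.'
}
```

Run it from an elevated prompt; `bcdedit` and `Confirm-SecureBootUEFI` both require administrator rights. A `SecureBootEnabled` of `$false` on UEFI hardware, or a `$true` in either of the BCD flags, is the kind of finding that should be reconciled against change records, since those settings are exactly what a kernel-mode implant would need relaxed.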
  4. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://www.theregister.co.uk/2014/10/29/blackenergy_crimeware_pwning_us_control_systems_cert_warns/
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    I hate to repeat myself, but I do not think that security tools are the problem. It's the incompetent IT security staff that's the problem. Of course securing a network with hundreds of computers is a different ball game than securing a home network, but surely they must be able to do better.

    I've read about APT attacks carried out by China on other countries, and they are not using magic to infect networks. It's the same old RATs that are being installed via zero day exploits. So anti-exploit, sandboxing, HIPS and so on, should be able to stop this malware.

    http://en.wikipedia.org/wiki/Remote_administration_software
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    http://threatpost.com/blackenergy-malware-plug-ins-leave-trail-of-destruction
     
  7. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    New observations on BlackEnergy2 APT activity
    https://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-target-profiles/
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry
    http://www.welivesecurity.com/2016/...tacks-ukrainian-news-media-electric-industry/
     
  10. guest

    guest Guest

    Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies
    October 15, 2018
    https://securityaffairs.co/wordpress/77132/cyber-warfare-2/blackenergy-hit-ukraine.html
     