Articles

Ukraine energy facility hit by two waves of cyberattacks…

Sandworm succeeded in planting a new version of the Industroyer malware to disrupt ICS infrastructure at multiple levels, but was thwarted from doing serious damage.

Ukraine’s Governmental Computer Emergency Response Team (CERT-UA) announced that Russia’s state-backed threat group Sandworm launched two waves of cyberattacks against an unnamed Ukrainian energy facility. The attackers tried to decommission several infrastructural components of the facility that span both IT and operational technology, including high-voltage substations, Windows computers, servers running Linux operating systems, and network equipment.

CERT-UA said that the initial compromise took place no later than February 2022, although it did not specify how the compromise occurred. Disconnection of electrical substations and decommissioning of the company’s infrastructure were scheduled for Friday evening, April 8, 2022, but “the implementation of the malicious plan” was prevented.

The Ukrainian team received help from both Microsoft and ESET in deflecting any significant fallout from the attacks. ESET issued a report presenting its analysis of the attacks, saying its collaboration with CERT-UA resulted in its discovery of a new variant of Industroyer malware, the same malware that the Sandworm group used to take down the power grid in Ukraine in 2016.

This article appeared in CSO Online. To read the rest of the article please visit here.

Advanced Persistent Threat

US DOJ indictments might force Russian hacker group Sandworm…

lead centered=”no”
Experts hope that indictments against six Russian military intelligence agents will make Russia rethink plans to disrupt the US election.
/lead

The US Department of Justice (DOJ) unsealed charges against six hackers who allegedly are part of Sandworm, a Russian military intelligence group responsible for a string of damaging and unprecedented acts of malicious digital activity. The breadth of crimes that DOJ accuses the hackers of committing is extensive, from shutting down Ukraine’s power grid — twice — to the launch of faux ransomware NotPetya, which caused billions of dollars in damages globally, to devastating cyberattacks on the 2018 Olympics in South Korea.

The indictment spells out multiple computer fraud and conspiracy charges against each defendant and is the first time Russia has been identified as the culprit behind the Olympic attacks. In those incidents, attackers deployed destructive malware called Olympic Destroyer to disrupt the 2018 games. The Russian hackers had attempted to blame North Korea, China and other adversaries as the culprit of those assaults through a series of false flags implanted in the malware that were designed to throw investigators off track.

The DOJ further alleges that the hackers and their co-conspirators helped Russia retaliate against former Russian spy Sergei Skripal by poisoning him, along with his daughter, with a weapons-grade nerve agent, Novichok. Other crimes outlined in the indictment are a series of spear phishing attacks against the country of Georgia and Georgian non-government organizations in January 2018 and a cyberattack in Georgia around October 2019 that defaced approximately 15,000 websites and disrupted service to them.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Steve Harvey on Unsplash

 

Articles

A new era of cyber warfare: Russia’s Sandworm shows…

lead centered=”no”In-depth research on Russia’s Sandworm hacking group shows broad capabilities and scope to disrupt anything from critical infrastructure to political campaigns in any part of the world./lead

Speakers at this year’s CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history.

Wired journalist Andy Greenberg has just released a high-profile book about the group, which he said at the conference is an account of the first full-blown cyberwar led by these Russian attackers. He kicked off the event with a deep dive into Sandworm, providing an overview of the mostly human experiences of the group’s malicious efforts.

Sandworm first emerged in early 2014 with an attack on the Ukrainian electric grid that “was a kind of actual cyberwar in progress,” Greenberg said. The grid operators in Ukraine watched helplessly as “phantom mouse attacks” appeared on their screens while Sandworm locked them out of their systems, turned off the back up power to their control rooms, and then turned off electricity to a quarter-million Ukrainian civilians, the first ever blackout triggered by hackers.

This article appeared in CSO Online. To read the rest of the article please visit here.