Russian military hackers linked to ransomware attacks in Ukraine (Security News, November 2022)
A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group.
Researchers with Microsoft Security Threat Intelligence pinned the ransomware attacks on the Russian Sandworm threat group based on forensic artifacts and victimology, tradecraft, capabilities, and infrastructure overlapping with the group's previous activity.
This tactic has rarely been seen in attacks targeting Ukrainian organizations, and it matches previous Russian state-aligned activity, such as the use of the HermeticWiper destructive malware before the start of the invasion of Ukraine.
Sandworm has been linked to attacks leading to the Ukrainian blackouts of 2015 and 2016 [1, 2, 3] and to the KillDisk wiper attacks targeting Ukrainian banks.
In October 2020, the U.S. Department of Justice charged six of the group's operatives for hacking operations linked to the NotPetya ransomware attack, the PyeongChang 2018 Olympic Winter Games, and the 2017 French elections.
Earlier this year, in February, a joint security advisory issued by U.S. and U.K. cybersecurity agencies also attributed the Cyclops Blink botnet to the Russian military cyberspies, shortly before the botnet was disrupted to prevent its use in attacks.