
Russian military hackers linked to ransomware attacks in Ukraine
2022-11-10 19:47

A series of Prestige ransomware attacks targeting transportation and logistics organizations in Ukraine and Poland since October has been linked to an elite Russian military cyberespionage group.

Researchers with Microsoft Security Threat Intelligence pinned the ransomware attacks on the Russian Sandworm threat group based on forensic artifacts and victimology, tradecraft, capabilities, and infrastructure overlapping with the group's previous activity.

This tactic has rarely been seen in attacks targeting Ukrainian organizations, and it matches previous Russian state-aligned activity, such as the use of the HermeticWiper destructive malware before the start of the invasion of Ukraine.

Sandworm has been linked to attacks leading to the Ukrainian blackouts of 2015 and 2016 [1, 2, 3] and the KillDisk wiper attacks targeting Ukrainian banks.

In October 2020, the U.S. Department of Justice charged six of the group's operatives for hacking operations linked to the NotPetya ransomware attack, the PyeongChang 2018 Olympic Winter Games, and the 2017 French elections.

Earlier this year, in February, a joint security advisory issued by U.S. and U.K. cybersecurity agencies also attributed the Cyclops Blink botnet to the Russian military cyberspies, before the botnet was disrupted, which prevented its use in attacks.


News URL

https://www.bleepingcomputer.com/news/security/russian-military-hackers-linked-to-ransomware-attacks-in-ukraine/