Security News > 2022 > November > Russian military hackers linked to ransomware attacks in Ukraine
A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group.
Researchers with Microsoft Security Threat Intelligence pinned the ransomware attacks on the Russian Sandworm threat group based on forensic artifacts and victimology, tradecraft, capabilities, and infrastructure overlapping with the group's previous activity.
This tactic has rarely been seen in attacks targeting Ukrainian organizations, and it matches previous Russian state-aligned activity, such as the use of the HermeticWiper destructive malware before the start of the invasion of Ukraine.
They have been linked to attacks leading to the Ukrainian blackouts of 2015 and 2016 [1, 2, 3] and the KillDisk wiper attacks targeting Ukrainian banks.
In October 2020, the U.S. Department of Justice charged six of the group's operatives for hacking operations linked to the NotPetya ransomware attack, the PyeongChang 2018 Olympic Winter Games, and the 2017 French elections.
Earlier this year, in February, a joint security advisory issued by U.S. and U.K. cybersecurity agencies also pinned the Cyclops Blink botnet on the Russian military cyberspies before its disruption that prevented its use in attacks.
News URL
Related news
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (source)
- Poland says Russian military hackers target its govt networks (source)
- Jackson County in state of emergency after ransomware attack (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Panera Bread week-long IT outage caused by ransomware attack (source)
- The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (source)
- How can the energy sector bolster its resilience to ransomware attacks? (source)
- The Drop in Ransomware Attacks in 2024 and What it Means (source)