Security News > 2022 > November > Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland
Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group.
The Microsoft Threat Intelligence Center is now tracking the threat actor under its element-themed moniker Iridium, citing overlaps with Sandworm.
The company also further assessed the group to have orchestrated compromise activity targeting many of the Prestige victims as far back as March 2022, before culminating in the deployment of the ransomware on October 11.
"Iridium deployed the Industroyer2 malware in a failed effort to leave millions of people in Ukraine without power," Redmond said, adding the threat actor used "Phishing campaigns to gain initial access to desired accounts and networks in organizations within and outside Ukraine."
The development also arrives amid sustained ransomware attacks aimed at industrial organizations worldwide during the third quarter of 2022, with Dragos reporting 128 such incidents during the time period compared to 125 in the previous quarter.
"The LockBit ransomware family account for 33% and 35% respectively of the total ransomware incidents that target industrial organizations and infrastructures in the last two quarters, as the groups added new capabilities in their new LockBit 3.0 strain," the industrial security firm said.
News URL
https://thehackernews.com/2022/11/microsoft-blames-russian-hackers-for.html
Related news
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (source)
- Poland says Russian military hackers target its govt networks (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Ukraine arrests hackers trying to sell 100 million stolen accounts (source)
- TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (source)
- What the Latest Ransomware Attacks Teach About Defending Networks (source)