Security News > 2022 > November > New ransomware attacks in Ukraine linked to Russian Sandworm hackers
New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm.
"There are similarities with previous attacks conducted by Sandworm: a PowerShell script used to distribute the.NET ransomware from the domain controller is almost identical to the one seen last April during the Industroyer2 attacks against the energy sector."
Earlier this month, Microsoft also linked the Sandworm cyber-espionage group to Prestige ransomware attacks targeting transportation and logistics companies in Ukraine and Poland since October.
Sandworm is a group of elite Russian hackers active for at least two decades believed to be part of Unit 74455 of the Russian GRU's Main Center for Special Technologies.
They have been previously linked to attacks leading to the KillDisk wiper attacks targeting banks in Ukraine and the Ukrainian blackouts of 2015 and 2016 [1, 2, 3]. Sandworm is also believed to have developed the NotPetya ransomware that caused billions of damage starting in June 2017.
The U.S. Department of Justice charged six of the group's operatives in October 2020 with coordinating hacking operations linked to the NotPetya ransomware attack, the PyeongChang 2018 Olympic Winter Games, as well as the 2017 French elections.
News URL
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)