Security News > 2022 > November > New ransomware attacks in Ukraine linked to Russian Sandworm hackers
New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm.
"There are similarities with previous attacks conducted by Sandworm: a PowerShell script used to distribute the.NET ransomware from the domain controller is almost identical to the one seen last April during the Industroyer2 attacks against the energy sector."
Earlier this month, Microsoft also linked the Sandworm cyber-espionage group to Prestige ransomware attacks targeting transportation and logistics companies in Ukraine and Poland since October.
Sandworm is a group of elite Russian hackers active for at least two decades believed to be part of Unit 74455 of the Russian GRU's Main Center for Special Technologies.
They have been previously linked to attacks leading to the KillDisk wiper attacks targeting banks in Ukraine and the Ukrainian blackouts of 2015 and 2016 [1, 2, 3]. Sandworm is also believed to have developed the NotPetya ransomware that caused billions of damage starting in June 2017.
The U.S. Department of Justice charged six of the group's operatives in October 2020 with coordinating hacking operations linked to the NotPetya ransomware attack, the PyeongChang 2018 Olympic Winter Games, as well as the 2017 French elections.
News URL
Related news
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Russian ISP confirms Ukrainian hackers "destroyed" its network (source)
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)