New ransomware attacks in Ukraine linked to Russian Sandworm hackers (Security News, November 2022)

New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group Sandworm.
"There are similarities with previous attacks conducted by Sandworm: a PowerShell script used to distribute the .NET ransomware from the domain controller is almost identical to the one seen last April during the Industroyer2 attacks against the energy sector."
Earlier this month, Microsoft also linked the Sandworm cyber-espionage group to Prestige ransomware attacks targeting transportation and logistics companies in Ukraine and Poland since October.
Sandworm is a group of elite Russian hackers active for at least two decades, believed to be part of Unit 74455 of the Russian GRU's Main Center for Special Technologies.
The group has previously been linked to the KillDisk wiper attacks targeting banks in Ukraine and to the Ukrainian blackouts of 2015 and 2016 [1, 2, 3]. Sandworm is also believed to have developed the NotPetya ransomware, which caused billions in damage starting in June 2017.
In October 2020, the U.S. Department of Justice charged six of the group's operatives with coordinating hacking operations linked to the NotPetya ransomware attack, the PyeongChang 2018 Olympic Winter Games, and the 2017 French elections.