Ukraine links data-wiping attack on news agency to Russian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack on the National News Agency of Ukraine to Sandworm, a group of Russian military hackers.
"According to preliminary data, provided by CERT-UA specialists, the attack has caused certain destructive effects on the agency's information infrastructure, but the threat has been swiftly localized nonetheless," the State Service of Special Communications and Information Protection of Ukraine said.
The attackers launched the CaddyWiper malware on the news agency's systems using a Windows group policy, showing that they had breached the target's network beforehand.
The attackers tried to erase traces left by the Industroyer ICS malware with the help of CaddyWiper and other data wipers designed for Linux and Solaris systems, tracked as Orcshred, Soloshred, and Awfulshred.
Since Russia invaded Ukraine in February 2022, security researchers have discovered a series of data-wiping malware families deployed against Ukrainian targets besides CaddyWiper, including DoubleZero, HermeticWiper, IsaacWiper, WhisperKill, WhisperGate, and AcidRain.
Recent ransomware attacks against Ukraine have also been linked to the Sandworm Russian-backed threat group.