Security News > 2023 > January > Ukraine links data-wiping attack on news agency to Russian hackers
The Computer Emergency Response Team of Ukraine has linked a destructive malware attack targeting the country's National News Agency of Ukraine to Sandworm Russian military hackers.
"According to preliminary data, provided by CERT-UA specialists, the attack have caused certain destructive effects on the agency's information infrastructure, but the threat has been swiftly localized nonetheless," the State Service of Special Communications and Information Protection of Ukraine said.
The attackers launched the CaddyWiper malware on the news agency's systems using a Windows group policy, showing that they had breached the target's network beforehand.
The attackers tried to erase traces left by Industroyer ICS malware with the help of CaddyWiper, and other data wipers designed for Linux and Solaris systems tracked as Orcshred, Soloshred, and Awfulshred.
Since Russia invaded Ukraine in February 2022, security researchers have discovered a series of data-wiping malware deployed against Ukrainian targets besides CaddyWiper, including DoubleZero, HermeticWiper, IsaacWiper, WhisperKill, WhisperGate, and AcidRain.
Recent ransomware attacks against Ukraine have also been linked to the Sandworm Russian-backed threat group.
News URL
Related news
- Russian hackers attack Western military mission using malicious drive (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
- Russian hackers breach orgs to track aid routes to Ukraine (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Lazarus hackers breach six companies in watering hole attacks (source)
- France ties Russian APT28 hackers to 12 cyberattacks on French orgs (source)