Security News > 2023 > January > Ukraine links data-wiping attack on news agency to Russian hackers
The Computer Emergency Response Team of Ukraine has linked a destructive malware attack targeting the country's National News Agency of Ukraine to Sandworm Russian military hackers.
"According to preliminary data, provided by CERT-UA specialists, the attack have caused certain destructive effects on the agency's information infrastructure, but the threat has been swiftly localized nonetheless," the State Service of Special Communications and Information Protection of Ukraine said.
The attackers launched the CaddyWiper malware on the news agency's systems using a Windows group policy, showing that they had breached the target's network beforehand.
The attackers tried to erase traces left by Industroyer ICS malware with the help of CaddyWiper, and other data wipers designed for Linux and Solaris systems tracked as Orcshred, Soloshred, and Awfulshred.
Since Russia invaded Ukraine in February 2022, security researchers have discovered a series of data-wiping malware deployed against Ukrainian targets besides CaddyWiper, including DoubleZero, HermeticWiper, IsaacWiper, WhisperKill, WhisperGate, and AcidRain.
Recent ransomware attacks against Ukraine have also been linked to the Sandworm Russian-backed threat group.
News URL
Related news
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian Turla hackers hit Starlink-connected devices in Ukraine (source)
- Russian cyber spies hide behind other hackers to target Ukraine (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)