Russian hackers use WinRAR to wipe Ukraine state agency’s data
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks in which WinRAR was used to destroy data on government devices.
In a new advisory, the Ukrainian Government Computer Emergency Response Team (CERT-UA) says the Russian hackers used compromised VPN accounts that weren't protected with multi-factor authentication to access critical systems in Ukrainian state networks.
Once they gained access to the network, they employed scripts that wiped files on Windows and Linux machines using the WinRAR archiving program.
The archives themselves were then deleted, effectively deleting the data on the device.
CERT-UA says the incident is similar to another destructive attack that hit the Ukrainian state news agency "Ukrinform" in January 2023, also attributed to Sandworm.
As always, VPN accounts that allow access to corporate networks should be protected with multi-factor authentication.