Security News > 2023 > October > Russian Sandworm hackers breached 11 Ukrainian telcos since May
The agency states that the Russian hackers "Interfered" with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches.
Sandworm is a very active espionage threat group linked to Russia's GRU. The attackers have focused on Ukraine throughout 2023, using phishing lures, Android malware, and data-wipers.
The attacks begin with Sandworm performing reconnaissance on telecommunication company's networks using the 'masscan' tool to perform scans on the target's network.
To make their intrusions stealthier, Sandworm uses 'Dante', 'socks5,' and other proxy servers to route their malicious activities through servers within the Ukrainian internet region they compromised previously, making it appear less suspicious.
Sandworm uses the 'Whitecat' tool to remove the attack's traces and delete access logs.
GRU hackers attack Ukrainian military with new Android malware.
News URL
Related news
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)