Security News

Merck's insurers can't use an "Act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection, a court has ruled. A New Jersey appellate court this week upheld [PDF] an earlier decision that a group of insurers could not use the war exclusion in their insurance policies - despite the US and UK governments, among others others, attributing NotPetya to Kremlin-backed fiends - because the attack against Merck wasn't specifically linked to Russian military action.

Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant's $100-million-plus cleanup bill following the 2017 NotPetya outbreak. It has helped fuel an ongoing debate over what constitutes an act of war - which even in cyberspace could invalidate an insurance claim - and whether insurance companies should pay damages caused by network intrusions supported or organized by nation states.

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck's insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge "Did the right thing for the wrong reasons."

On 6th December 2021, the New Jersey Superior Court granted partial summary judgment in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against "All risks" property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software.

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "Strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586.".

Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month on its property insurance policy, for losses the company suffered because of the 2017 NotPetya cyberattacks. Merck's $1.75 billion property insurance policy will have to cover the damage the NotPetya attacks did to the company's 40,000 computers, totaling more than $1.4 billion, according to the court filing.

The Sandworm Team hacking group is part of Unit 74455 of the Russian Main Intelligence Directorate, the US Department of Justice claimed as it unsealed an indictment against six hackers and alleged members on Monday. "These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: Ukraine; Georgia; elections in France; efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation's flag, as a consequence of Russian government-sponsored doping effort," the DoJ alleges.

Six men have been named as Russian military hackers and accused of spreading malware, disrupting the Olympics in retaliation for Russia's doping ban, and meddling with elections as well as probes into Novichok poisonings. Targeted South Koreans, athletes, the International Olympic Committee officials, and more, with spear-phishing and malicious mobile apps in the run-up to the 2018 Winter Olympics in Pyeongchang, South Korea.

The Department of Justice on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years - including the destructive NotPetya cyberattack that targeted hundreds of firms and hospitals worldwide in 2017. According to the DOJ complaint, the six Russian nationals are tied to a division of the Russian military intelligence service and also affiliated with the APT Sandworm, also known as TeleBots.

The U.S. Department of Justice on Monday announced charges against six Russian intelligence officers for their alleged role in several major cyberattacks conducted over the past years. The men are said to be members of Russia's GRU military intelligence agency, which has long been known to conduct hacking operations on behalf of Moscow.