Security News

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting the transportation and logistics sectors in Ukraine and Poland to a threat cluster that overlaps with the Russian state-sponsored Sandworm group. The Microsoft Threat Intelligence Center (MSTIC) is now tracking the threat actor under its element-themed moniker Iridium, citing those overlaps with Sandworm.

A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group. Researchers with Microsoft Security Threat Intelligence pinned the ransomware attacks on the Russian Sandworm threat group based on forensic artifacts and victimology, tradecraft, capabilities, and infrastructure overlapping with the group's previous activity.

Ukraine's cyber police and Europol have identified and arrested five key members of an international investment fraud ring estimated to have caused losses of over €200 million per year. The operation of the investment scheme was spread across multiple European countries, including Ukraine, Germany, Spain, Latvia, Finland, and Albania.

Zhora is the deputy chairman and chief digital transformation officer at Ukraine's State Service of Special Communications and Information Protection. It has been ongoing since at least Moscow's annexation of Crimea in 2014, leading up to the NotPetya ransomware outbreak in 2017, and all of this helped prepare Ukraine and its networks for the series of data-wiping malware and denial-of-service attacks that started in January of this year.

Microsoft says new Prestige ransomware is being used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks. "This activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks. The Prestige ransomware had not been observed by Microsoft prior to this deployment," MSTIC added.

The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and those of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine said.

Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv. "The occupiers are preparing massive cyber attacks on critical infrastructure facilities of Ukraine and its allies," according to a statement from Ukraine's Defense Ministry issued on Monday.

The Ukrainian military intelligence service warned today that Russia is planning to escalate cyber-attacks targeting the critical infrastructure of Ukraine and its allies. "The Kremlin plans to carry out massive cyber attacks on critical infrastructure of Ukrainian enterprises and institutions of critical infrastructure of Ukraine's allies," the intelligence service warned.

The group specialized in selling 30 million accounts belonging to citizens of Ukraine and the European Union on the dark web and netted a profit of $372,000 through electronic payment systems such as YooMoney, Qiwi, and WebMoney, which are outlawed in the country. "It was them who used the received identification data of Ukrainian and foreign citizens to spread fake 'news' from the front and sow panic."

The cyber department of Ukraine's Security Service has taken down a group of hackers that stole accounts of about 30 million individuals and sold them on the dark web. The SSU says that the threat actor offered data packs, which were purchased in bulk by pro-Kremlin propagandists, who then used the accounts to spread fake news on social media, instill panic, and cause destabilization in Ukraine and other countries.