A malware attack targeting the national news agency of Ukraine (Ukrinform) was recently stopped. The Computer Emergency Response Team of Ukraine (CERT-UA) attributed the data-wiper attack to Russian hackers.
The Attack Was Not Successful
CERT-UA experts attributed the malware attack to Sandworm, a group of Russian military hackers, based on the tactics the attackers used. These threat actors are associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
According to preliminary data provided by CERT-UA specialists, the attack caused certain destructive effects on the agency’s information infrastructure, but the threat was swiftly localized.
The CaddyWiper malware was used to carry out this attack on the news agency’s systems. The attackers used a Windows Group Policy Object (GPO), which indicates that the network had been breached before the event. Even so, the attack was not successful.
This enabled Ukrinform to continue its operation. Right now, CERT-UA specialists are assisting in infrastructure recovery and continuing the investigation of the incident.
Not the First Russian Attempt
In April 2022, Sandworm carried out another failed attack, this time on a large Ukrainian energy provider. They also deployed the CaddyWiper data-wiper malware in an attempt to remove any signs of Industroyer ICS malware infection.
Another attack took place in October 2022, when Sandworm used ransomware against logistics and transportation companies in Ukraine and Poland, aiming at the supply chain this time.
Russians have been trying to cut Ukrainians off from information on the current situation and the course of the war since the early days of the full-scale invasion. They have shut off Ukrainian TV, the Internet and mobile communication in the territories temporarily controlled by the enemy, and they have been striking TV and radio transmitting towers in multiple cities of Ukraine with their missiles. They have waged cyberattacks on Ukrainian media.
Other data-wipers used by Russian hackers in attacks on Ukrainian targets are DoubleZero, HermeticWiper, IsaacWiper, WhisperKill, WhisperGate, and AcidRain.