Notorious Russian military hacking team behind October ransomware attacks on Ukraine and Poland

Microsoft researchers said Thursday that an attack on transportation and logistics companies in Ukraine and Poland last month was the work of a notorious Russian military intelligence unit.

The October 11 attack – dubbed “Prestige” – attempted to cripple access to computers in the targeted organizations. Where it succeeded, the attack effectively blocked the companies from accessing their IT systems.

By targeting logistics and transportation companies, the Russian military intelligence hackers responsible for the attack may have been trying to impede the flow of goods and equipment to Ukraine, where Russian forces have suffered a series of military reverses in recent months.

The flow of goods to Ukraine from partner nations has been a key way for Ukraine to get the supplies it needs, and the attack on IT infrastructure in Poland – a NATO ally – represents one of the few ways in which Russia can retaliate against Ukraine’s logistics partners.

The group behind the attacks – tracked by Microsoft’s Threat Intelligence Center (MSTIC) as “Iridium” but widely known as “Sandworm” – is the same group that attempted on April 8 to take down several electrical substations and other parts of a Ukrainian power network serving 2 million people.

Microsoft, which worked with Ukraine’s Computer Emergency Response Team to investigate the attack, first disclosed the Prestige ransomware attacks on October 14, noting at the time that their victimology overlapped with “recent Russian state-aligned activity, specifically on affected geographies and countries”, and that the victims overlapped with earlier targets of the wiper malware dubbed HermeticWiper, one of several destructive malware attacks launched at Ukrainian targets in the days immediately following the Russian invasion.

“The Prestige campaign may highlight a measured shift in the calculation of destructive IRIDIUM attacks, signaling an increased risk for organizations directly delivering or transporting humanitarian or military assistance to Ukraine,” the researchers said Thursday in an update to their blog post of October 14. “More broadly, this may pose an increased risk to organizations in Eastern Europe that may be seen by the Russian state as providing war-related support.”

Jean-Ian Boutin, director of threat research for Slovak cybersecurity firm ESET, said the attribution to the Russian unit was expected.

“Sandworm has been carrying out destructive attacks for years, so the idea that they are behind Prestige ransomware is not surprising,” Boutin said. “In 2018, we reported some of their actions exploiting malware such as GreyEnergy against Polish organizations, so this is also consistent with their past actions.”
