Ukraine Thwarts Sandworm Attack - Threatwire
Added 2022-04-20 16:06:59 +0000 UTC
By Shannon Morse, ThreatWire
Lots of industrial attacks happened this week, although one potential attack failed during its deployment. Ukraine’s Computer Emergency Response Team thwarted the Russian APT group called Sandworm, which tried to attack an undisclosed energy provider in the region. According to a notification by CERT-UA, Sandworm attackers attempted to target the electrical substations using Industroyer2 malware, Windows operating systems using the CaddyWiper data wiper, Linux-operated server equipment using destructor scripts, and active networking equipment. CaddyWiper in particular has also been seen infecting Ukrainian bank networks in recent weeks. Researchers suspect the wipers would be used to destroy evidence of the malware after its attack.
If Industroyer sounds familiar, that’s because it was used back in 2016 against Ukraine’s power grid, so this was an updated version. This malware is also called CrashOverride by some researchers and it has the ability to control circuit breakers and switches at electricity stations. The new version can also take over protection relays at substations, so it can be quite dangerous. That 2016 attack did cause power outages and blackouts but attacks that could do this haven’t been seen since then, so it seems like the invasion of Ukraine is also reintroducing old tricks with updated versions.
Sandworm attacked in two phases - one happened in February 2022, then the second was set to occur on April 8, 2022, when they planned to shut down the substations and infrastructure. This was prevented, though, when the energy provider detected the attack while it was happening and stopped it before the attackers could again cause a blackout. It’s not clear how the attackers gained that initial access nor how they moved from an IT network over to the ICS network.
This group is believed to work for Russia’s GRU, the Main Intelligence Directorate. In recent times this group has also targeted ASUS routers with the Cyclops Blink botnet. We’ll likely see Sandworm continue their attacks, given they apparently never left after the successful energy sector attack in 2016.