
Russian Military Threat Group Linked to Ransomware Attacks in Ukraine

Vlad CONSTANTINESCU

November 11, 2022


A malicious campaign against logistics and transportation organizations in Ukraine and Poland using Prestige ransomware has recently been attributed to a team of expert Russian military hackers.

The perpetrators focused on the victims’ enterprise networks, targeting them with ransomware payloads, a tactic that hasn’t been frequently used against Ukrainian organizations. Furthermore, the attacks seem to follow a pattern similar to previous Russia-backed hacking activities.

“As of November 2022, MSTIC assesses that IRIDIUM very likely executed the Prestige ransomware-style attack,” Microsoft’s security advisory reads. “IRIDIUM is a Russia-based threat actor tracked by Microsoft, publicly overlapping with Sandworm, that has been consistently active in the war in Ukraine and has been linked to destructive attacks since the start of the war.”

Based on various metrics such as victimology, tradecraft, forensic artifacts, capabilities and infrastructure, Microsoft’s Security Threat Intelligence (MSTIC) researchers believe the campaign may have been launched by Sandworm, a Russian state-backed hacker group.

Previous reports have shown that, even though the campaign used similar techniques, it distinguishes itself from other recent destructive attacks such as HermeticWiper and AprilAxe (CaddyWiper).

Sandworm, also known as Voodoo Bear, BlackEnergy and TeleBots, is an Advanced Persistent Threat (APT) group allegedly operating out of Unit 74455 of the GRU, Russia’s military intelligence agency.

In October 2020, the US indicted six GRU Unit 74455 officers associated with the Sandworm APT for numerous malicious operations, including:

  • KillDisk wiper campaign against Ukrainian banks
  • Attacks against Ukrainian electrical companies and government organizations that led to blackouts in 2015 and 2016
  • The infamous NotPetya ransomware campaign in 2017
  • Targeting the French presidential campaign in 2017
  • Attacks against the Winter Olympic Games using the Olympic Destroyer malware in 2018
  • Attacking the Organization for the Prohibition of Chemical Weapons in 2018
  • Attacks targeting the country of Georgia in 2018 and 2019

Dedicated software solutions such as Bitdefender Ultimate Security can shield you against ransomware and other cyberthreats with features like:

  • Continuous, all-around protection against Trojans, worms, viruses, ransomware, spyware, rootkits, zero-day exploits and other e-threats
  • Multi-layer ransomware protection that protects your documents against all kinds of ransomware attacks
  • Network threat prevention module that monitors and blocks suspicious network-level activities
  • Behavioral detection technology that monitors active apps and blocks any potentially harmful activity it detects
