1 min read

Ukraine News Agency Hit in Suspected Attack by Russian-Backed Sandworm Group


February 02, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Ukraine News Agency Hit in Suspected Attack by Russian-Backed Sandworm Group

A cyberattack against the National News Agency of Ukraine (Ukrinform) was likely the work of UAC-0082 (Sandworm), a group likely operating under Russia's Main Department of the General Staff of the Armed Forces (GRU), according to Ukrainian authorities.

Sandworm is likely a Russian cyber military unit responsible for numerous attacks over the years, including the release of the infamous NotPetya malware. Its main goal is to compromise and disrupt infrastructure, which is exactly the goal of the attack on Ukrinform.

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the Russian hackers used five different types of malware, including CaddyWiper, ZeroWipe, SDelete, AwfulShred and BidSwipe.

"While investigating the attack, the CERT-UA experts learned that the criminals had made an unsuccessful attempt to disrupt user workstations' normal operation by using CaddyWiper and ZeroWipe destructive malware as well as a legitimate SDelete utility (that they planned to start through "news.bat")," explained CERT-UA in a press release. "At the same time, a group policy object (GPO) was used for centralized malware dissemination. It enabled creation of corresponding scheduled tasks."

"The CERT-UA emphasizes that the cyberattack was only a partial success, specifically with regard to a limited number of data storage systems."

The attackers compromised several elements of the information and communication system on January 17, researchers found. The attack's aim was simple: destroy any and all information stored on infected devices by writing on disks with zero bytes and/or arbitrary data.

CERT-UA doesn't say how the malware ended up on those devices, but one of the more common methods is phishing, which usually means that someone was tricked into clicking on a link and downloading the malicious software.

Based on the techniques and malware used in the attack, CERT-UA researchers say it’s possible to state that the cyberattack was carried out by the UAC-0082 (Sandworm) group.




Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like