Russian-linked hackers attack Ukrainian energy company with wipers and ransomware

Russian hackers are suspected of deploying a new wiper malware against a Ukrainian energy company. The attackers are said to belong to Russia’s Sandworm group and to have used a wiper strain called NikoWiper to carry out the attack.

Researchers from the Slovakian cyber firm ESET discovered the strain. It was revealed that the attackers used data-wiping malware to target the unnamed company in October.

According to ESET, “In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine.

APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy infrastructure, and while we are not able to show those events were coordinated, it suggests that Sandworm and military forces of Russia have related objectives.”

The malware, according to ESET, is based on SDelete, a Microsoft utility used to delete files. In addition to data-wiping malware, the report found Sandworm attacks that used ransomware as a wiper. Although ransomware was used in those attacks, the end goal was the same as with the wipers: data destruction.

The described attack occurred in October, around the same time that Russian forces began launching missile strikes against energy infrastructure. While the report cannot prove that those events were coordinated, it does suggest that Sandworm and the Russian military have similar goals.

The sources for this piece include an article in TheHackerNews.
