State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea’s Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns.

At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All these operational changes suggest organizations and companies from Western countries are at increased risk from APT activity.

Destructive cyberattacks in Ukraine support Russia’s war efforts

In the last months of 2022, Sandworm continued its data wiping attacks against Ukrainian organizations, but expanded its efforts to organizations from countries that are strong supporters of Ukraine, such as Poland, according to a new report by cybersecurity firm ESET.

Sandworm is believed to operate as a unit inside Russia’s military intelligence agency, the GRU. Sandworm has launched destructive attacks against Ukrainian organizations for years. It is credited with the attacks against the Ukrainian energy infrastructure that caused blackouts in the country in 2015 as well as the destructive ransomware-like attack NotPetya in 2017 that started as a software supply chain attack against a Ukrainian software company but ended up impacting international organizations as well.