A new wave of malware is sweeping Ukraine


Alexander Boero

February 03, 2023 at 4:30 p.m.


Ukraine flag © Shutterstock


Ukraine has been hit with a fresh salvo of malware believed to be the work of the Sandworm group, known to be backed by the Russian state.

Although Ukraine has proven its resilience in recent months in the face of the cyber threat from Russia, the country has nevertheless been hit by a new wave of malware that is putting its defenses to the test. The Ukrainian CERT (Cyber Emergency Response Team), or CERT-UA, reports five “wipers”, which are by definition quite formidable: they are deployed with the aim of destroying the data and contents of the hard disk installed on the infected machine, without the user being able to stop it.

A cyberattack carried out by a group affiliated with Russia, which has been attacking Ukraine for many years

The five malware strains discovered by CERT-UA entered the machines of the Ukrainian national news agency Ukrinform precisely on December 7, 2022. The country’s cyber unit is handling the case because a cyberattack was carried out on January 17. The attackers therefore waited more than a month before launching the final phase of their attack on Ukrinform.

According to the first results of the investigation, the UAC-0082 group is behind this cyberattack. The group is better known as Sandworm, an APT group specializing in stealthy attacks for espionage and data theft, which regularly attacks Ukraine and is known to be affiliated with the Kremlin.

A data shredder that bypasses all security

To achieve their ends, the hackers managed to circumvent the security controls meant to prevent any attempt to delete data without authorization. Some wipers can even bypass and overwrite the Master Boot Record (MBR), the first addressable sector of a hard drive, which contains the disk’s partition table and helps launch the operating system when the machine boots. Wipers can also undermine victims’ ability to recover from their backups.
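As an added example (not code from the article, Malwarebytes or CERT-UA), the following Python parses the 512-byte MBR layout described above and flags what a defender would check for after a suspected wiper: a zeroed sector, a missing boot signature, an emptied partition table, or regions that differ from a trusted baseline copy. The sample MBR is constructed inline and is not a real disk image.

```python
"""Parse a 512-byte MBR and flag the signs of a wiper overwrite (added example)."""
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # bytes 510-511 of a valid MBR
REGIONS = {"boot_code": (0, 446), "partition_table": (446, 510), "signature": (510, 512)}


def parse_partitions(sector: bytes) -> list:
    """Return the four 16-byte partition entries: status flag, type, LBA start, sector count."""
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        flag, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        entries.append({"bootable": flag == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def assess_mbr(sector: bytes) -> dict:
    """Classify a sector as intact, zeroed, no_signature or no_partitions."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector == bytes(MBR_SIZE):
        return {"status": "zeroed", "partitions": []}
    if sector[510:512] != BOOT_SIGNATURE:
        return {"status": "no_signature", "partitions": []}
    parts = [p for p in parse_partitions(sector) if p["type"] != 0]
    return {"status": "intact" if parts else "no_partitions", "partitions": parts}


def mbr_changes(baseline: bytes, current: bytes) -> list:
    """Name the MBR regions that differ from a trusted baseline copy of the sector."""
    return [name for name, (a, b) in REGIONS.items() if baseline[a:b] != current[a:b]]


def make_sample_mbr() -> bytes:
    """Constructed healthy MBR: dummy jump stub, one bootable NTFS (0x07) partition, signature."""
    sector = bytearray(MBR_SIZE)
    sector[0:3] = b"\xeb\x3c\x90"   # placeholder, not real boot code
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    good = make_sample_mbr()
    wiped = bytearray(good)
    wiped[446:510] = bytes(64)       # simulate a partition table overwritten with zeros
    print(assess_mbr(good)["status"], assess_mbr(bytes(wiped))["status"],
          mbr_changes(good, bytes(wiped)))
```

On a live system the baseline would be a copy of sector 0 taken at a known-good time, so a later comparison pinpoints which region was altered.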

The data eraser used by Sandworm appears to be among the most effective, according to cyber specialists. The group is also no stranger to such operations, having already targeted various Ukrainian companies and government agencies.

The group is even thought to be behind the destruction of entire networks and the triggering of giant blackouts, such as the one that affected the country’s electricity grid, or the sabotage malware NotPetya, which hit Ukraine in 2017 before spreading across the rest of the world.

Source: Malwarebytes
