The Computer Emergency Response Team of Ukraine (CERT-UA) announced it disrupted cyberattacks carried out by the Russia-linked Sandworm advanced persistent threat group (APT) against Ukrainian critical energy infrastructure.
The Sandworm APT (aka Unit 74455, Black Energy, BlackEnergy, Quedagh, Voodoo Bear, TEMP.Noble, Iron Viking) is believed to be a unit of Russia’s main intelligence agency that specializes in cyber-espionage and cyberwarfare. The group is thought to be responsible for the December 2015 Ukraine power grid cyberattack, the 2017 cyberattacks on Ukraine using the NotPetya malware, various interference efforts in the 2017 French presidential election, and the cyberattack on the 2018 Winter Olympics opening ceremony.
Last week, the FBI said it had disrupted the massive Sandworm-linked Cyclops Blink botnet, which targeted WatchGuard and Asus devices.
The group’s latest cyberattack against Ukraine has targeted an undisclosed organization in the energy sector using a slew of malicious tools such as the Industroyer2 malware framework, the CaddyWiper data wiping malware, the Arguepatch loader, and others.
CERT-UA said in a security advisory that the attack was carried out in two stages, with the threat actor attempting to disrupt several components of the victim’s infrastructure. More specifically, the attackers leveraged the Industroyer2 framework to cause damage to high-voltage power substations, and planted the CaddyWiper data wiper on computer systems running Windows OS, including servers and industrial control systems (SCADA). The attackers also targeted the organization’s Linux servers using the Orcshred, Soloshred, and Awfulshred malicious scripts.
According to the advisory, the attackers breached the victim’s network “no later than February 22” and scheduled the blackout for April 8, 2022; however, the attack was discovered and interrupted.