November 9, 2023 at 03:08AM
The Sandworm APT group, linked to Russia's Main Center for Special Technologies, used living-off-the-land (LotL) techniques, that is, abuse of legitimate binaries already present on the target, to cause a power outage in a Ukrainian city in October 2022. The attack coincided with missile strikes. Unlike its previous attacks, Sandworm relied on LotL binaries rather than purpose-built cyber weaponry. This incident highlights how hard such attacks are to defend against and underscores the need for stronger cyber defenses. It also emphasizes the resilience and experience of Ukraine's defenders in cyber warfare.
Key takeaways from the meeting notes:
1. The Sandworm APT group, linked to Russia’s Main Center for Special Technologies, has a history of cyberattacks in Ukraine, including blackouts and the infamous NotPetya wiper.
2. In October 2022, Sandworm used living-off-the-land (LotL) techniques to cause a power outage in a Ukrainian city during a barrage of missile strikes.
3. The group took advantage of LotL binaries to undermine Ukraine’s critical infrastructure cyber defenses, setting a worrying precedent for defense against similar attacks.
4. Sandworm breached the IT and operational technology (OT) networks, gained access to a supervisory control and data acquisition (SCADA) system, and used an optical disc image file to execute a binary that cut power.
5. Sandworm later deployed a new version of its CaddyWiper malware to disrupt the IT network and potentially wipe forensic evidence.
6. The attacks by Sandworm highlight the combination of kinetic and cyber warfare and the need for improved defense of industrial systems.
7. Previous Sandworm attacks have had less impact because of improved Ukrainian defenses, but this latest attack showcases a new and challenging approach that will require strong detection and prevention efforts.
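Takeaway 4 describes the technique defenders most need to catch: a binary executed from a mounted optical disc image on an engineering or SCADA host. The following Python script is an added example, not code from the original notes or from any vendor report on the incident; it shows one way to detect that pattern by correlating disk-mount events with process-creation events per host. The log format, host names, file paths and timestamps are all constructed for the example, and real telemetry (for instance endpoint sensor events) would need its own parser.

```python
"""Flag processes executed from a mounted optical disc image (.iso/.img) by
correlating mount/unmount events with process-creation events per host.
Added example; the record format below is constructed, not a real log format."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample telemetry (NOT real logs). Pipe-delimited records:
#   MOUNT|<ts>|<host>|<image file>|<drive letter>
#   UNMOUNT|<ts>|<host>|<drive letter>
#   PROC|<ts>|<host>|<process image path>|<parent image path>|<user>
SAMPLE_LOG = """\
MOUNT|2022-10-10T09:55:12|scada-eng1|C:\\Users\\op\\Downloads\\update.iso|E:
PROC|2022-10-10T09:55:40|scada-eng1|E:\\setup.exe|C:\\Windows\\explorer.exe|op
PROC|2022-10-10T09:56:02|scada-eng1|C:\\Windows\\System32\\cmd.exe|E:\\setup.exe|op
PROC|2022-10-10T10:30:00|ws-42|C:\\Program Files\\Vendor\\tool.exe|C:\\Windows\\explorer.exe|alice
MOUNT|2022-10-10T11:00:00|ws-42|D:\\iso\\ubuntu.iso|F:
UNMOUNT|2022-10-10T11:20:00|ws-42|F:
PROC|2022-10-10T14:00:00|ws-42|F:\\tool.exe|C:\\Windows\\explorer.exe|alice
"""

# Optical disc image extensions we treat as suspicious mount sources.
IMAGE_EXTENSIONS = (".iso", ".img")


@dataclass
class Alert:
    ts: str
    host: str
    process: str
    parent: str
    image_file: str
    reason: str


def _drive(path: str) -> str:
    """Return the drive-letter prefix of a Windows path ('E:'), upper-cased, or ''."""
    m = re.match(r"^([A-Za-z]:)\\", path)
    return m.group(1).upper() if m else ""


def detect_image_mounted_execution(log_text: str) -> List[Alert]:
    """Return an Alert for every process launched from a currently mounted disc
    image, and for every child of such a process (e.g. cmd.exe spawned by it)."""
    # (host, drive letter) -> image file currently mounted at that letter.
    mounted: Dict[Tuple[str, str], str] = {}
    # (host, process path) -> image file, for processes already attributed to an image.
    tainted: Dict[Tuple[str, str], str] = {}
    alerts: List[Alert] = []

    records = [ln.split("|") for ln in log_text.splitlines() if ln.strip()]
    # ISO-8601 timestamps sort lexicographically; process events in time order.
    for fields in sorted(records, key=lambda f: f[1]):
        kind, ts, host = fields[0], fields[1], fields[2]
        if kind == "MOUNT":
            image_file, drive = fields[3], fields[4].upper()
            if image_file.lower().endswith(IMAGE_EXTENSIONS):
                mounted[(host, drive)] = image_file
        elif kind == "UNMOUNT":
            # Drop the mapping so a later reuse of the drive letter is not misattributed.
            mounted.pop((host, fields[3].upper()), None)
        elif kind == "PROC":
            process, parent = fields[3], fields[4]
            key_proc = (host, _drive(process))
            if key_proc in mounted:
                image_file = mounted[key_proc]
                alerts.append(Alert(ts, host, process, parent, image_file,
                                    "binary executed directly from a mounted disc image"))
                tainted[(host, process)] = image_file
            elif (host, parent) in tainted:
                image_file = tainted[(host, parent)]
                alerts.append(Alert(ts, host, process, parent, image_file,
                                    "child of a process launched from a mounted disc image"))
                tainted[(host, process)] = image_file
    return alerts


if __name__ == "__main__":
    for a in detect_image_mounted_execution(SAMPLE_LOG):
        print(f"{a.ts} {a.host}: {a.process} (parent {a.parent}) <- {a.image_file}: {a.reason}")
```

On the constructed sample this raises two alerts on the engineering host (the binary run from the mounted image and the cmd.exe it spawned) and none for the workstation, because the image there was unmounted before anything ran from that drive letter. The unmount handling is the edge case worth keeping: without it, any later use of a reassigned drive letter would be attributed to a long-gone image.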
Overall, the meeting notes reveal the evolving tactics of the Sandworm APT group and the importance of strengthening cyber defenses against similar attacks.