Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

April 27, 2024 at 08:54AM Cybersecurity researchers have detected a targeted cyber attack on Ukraine that uses a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. The attack relies on a malicious PowerPoint file to achieve remote code execution and inject a malicious payload. The attack’s exact purpose and the responsible threat actor remain … Read more

Russian Sandworm hackers targeted 20 critical orgs in Ukraine

April 22, 2024 at 08:34AM The Russian hacker group Sandworm, also tracked as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44, carried out disruptive cyberattacks on critical infrastructure in Ukraine. The attacks targeted energy, water, and heating suppliers and exploited weaknesses in the victims’ cybersecurity practices. CERT-UA conducted counter-cyberattack operations from March 7 to March 15, 2024, and identified … Read more

Dangerous ICS Malware Targets Orgs in Russia and Ukraine

April 17, 2024 at 04:54PM Two newly discovered malware tools, Kapeka and Fuxnet, have been used against industrial control systems and operational technology in Europe, reflecting the cyber dimension of the ongoing conflict between Russia and Ukraine. Kapeka, attributed to the Sandworm group, functions as a persistent backdoor, while Fuxnet, used by the Blackjack group, aims to … Read more

Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression

April 17, 2024 at 04:06PM Kapeka is a new backdoor possibly linked to Russia’s Sandworm and a potential successor to GreyEnergy. Little public information exists on Kapeka, but WithSecure and Microsoft assess it to be the tool of a nation-state group. Kapeka is suited to long-term cyberespionage and can also be used to deliver additional malware payloads. … Read more

Kremlin’s Sandworm blamed for cyberattacks on US, European water utilities

April 17, 2024 at 04:04PM The notorious Russian military cyber unit Sandworm, linked to GRU intelligence, has engaged in cyberattacks on US and European water and hydroelectric utilities, causing disruptions and, in one case, a water tank overflow. Although the group has primarily targeted Ukraine, it has also impacted US and European critical infrastructure. Mandiant warned of the ongoing threat posed by … Read more

Russian Sandworm hackers pose as hacktivists in water utility breaches

April 17, 2024 at 01:13PM Russian military intelligence-linked group Sandworm, also known as APT44, has been conducting cyber attacks while posing as hacktivist groups on multiple Telegram channels. The group employs various methods, including phishing and supply-chain compromise, to target Ukraine and other countries, and may attempt to interfere in national elections. Sandworm has transitioned … Read more

Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

April 17, 2024 at 10:04AM WithSecure’s report describes the discovery of the new Kapeka backdoor, linked to the Russian APT group Sandworm and used against targets in Eastern Europe since 2022. Microsoft tracks it as KnuckleTouch and has tied it to ransomware campaigns, noting its multifunctional capabilities. The backdoor’s advanced features indicate APT-level activity, and it shows conceptual overlaps with GreyEnergy and Prestige. Based … Read more

Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware

March 22, 2024 at 12:33AM New findings from SentinelOne show that the data-wiping malware AcidPour may have been used in attacks on four Ukrainian telecom providers, with the activity linked to Russian military intelligence. It has expanded capabilities to disable a wider range of devices and overlaps with the AcidRain wiper, demonstrating a refined and calculated approach by the threat actors … Read more

Russian Hackers Had Covert Access to Ukraine’s Telecom Giant for Months

January 5, 2024 at 03:27AM Ukrainian authorities reported a cyber attack by the Russian state-sponsored group Sandworm, which breached telecom operator Kyivstar’s systems and disrupted service for millions. A Russia-linked hacking group, Solntsepyok, claimed responsibility. The attack wiped data from thousands of servers, and the Security Service of Ukraine suspects the attackers had … Read more

Sandworm’s Kyivstar attack should serve as a reminder of the Kremlin crew’s ‘global reach’

January 5, 2024 at 02:36AM The Sandworm crew, linked to Russia, launched a sophisticated cyber attack on Kyivstar, Ukraine’s telco giant, disrupting mobile and internet services for 24 million users. The attack also damaged infrastructure, air raid alert systems, and banking services. Experts believe this attack highlights the potential impact of cyber warfare … Read more