Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns

January 4, 2024 at 03:03PM
In a recent interview, Illia Vitiuk, head of the cybersecurity department of Ukraine's SBU, said the Russian-backed cyberattack on Kyivstar caused extensive damage, affecting 24 million users, and may have been aided by an insider. Vitiuk warned that Western organizations are also at risk and cautioned that this attack sends a strong …

Russian Hackers Launch ‘Largest Ever Cyber Attack’ on Danish Critical Infrastructure

November 16, 2023 at 01:18AM
Russian threat actors are suspected of launching the largest cyber attack yet seen against Danish critical infrastructure, in May 2023. The coordinated campaign succeeded against 22 energy sector companies. Evidence points to the involvement of Russia's GRU military intelligence agency. The attackers exploited a critical command injection flaw in Zyxel …

Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes

November 10, 2023 at 07:51AM
The Russian group Sandworm targeted a Ukrainian electrical substation, causing a brief power outage in October 2022. The attack combined living-off-the-land techniques at the OT level with a variant of the CaddyWiper malware. The initial access vector remains unclear, but the incident highlights Sandworm's ongoing efforts to disrupt Ukraine's power grid. Asset owners globally …

Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes

November 9, 2023 at 03:08AM
The Sandworm APT group, linked to Russia's Main Center for Special Technologies, used living-off-the-land techniques to cause a power outage in a Ukrainian city in October 2022. The attack coincided with missile strikes. Unlike its earlier grid attacks, Sandworm relied on living-off-the-land binaries rather than custom cyber weaponry. This incident highlights the challenge …

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

October 19, 2023 at 12:33AM
State-backed threat actors from Russia and China are exploiting a security flaw in the WinRAR archiver for Windows. The vulnerability (CVE-2023-38831) lets attackers execute code when a user tries to open an apparently benign file inside a crafted ZIP archive. The attackers include FROZENBARENTS (Sandworm), FROZENLAKE (APT28), and ISLANDDREAMS (APT40). …

Google links WinRAR exploitation to Russian, Chinese state hackers

October 18, 2023 at 12:49PM
Google's Threat Analysis Group has identified state-backed hacking groups, including Sandworm, APT28, and APT40, exploiting a vulnerability in WinRAR, a popular compression tool. The bug allows attackers to execute arbitrary code on users' systems. Although a patch is available, many users remain vulnerable. The bug has been exploited since April, …

Google links WinRAR exploitation to multiple state hacking groups

October 18, 2023 at 11:16AM
State-backed hacking groups, including Sandworm, APT28, and APT40, are exploiting a vulnerability in WinRAR to execute arbitrary code on targeted systems. The bug, tracked as CVE-2023-38831, has been exploited since April 2023, enabling threat actors to deliver various malware payloads. Although a patch is available, many users remain vulnerable. Google …
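The three WinRAR items above describe CVE-2023-38831 only in outline. As an added example, not part of any of these articles or of Google's report: the lure archives seen in the wild pair a benign-looking top-level file (say invoice.pdf) with a directory of the same name plus a trailing space, which holds a script named like the decoy; that file layout comes from public analyses of the CVE, not from this page, and is the detection pattern used below. The Python builds such an archive in memory with an inert payload (a constructed sample, not a real lure), builds a clean archive for comparison, and scans both for the pattern. The extension list and the function names are my own choices.

```python
import io
import zipfile

# Extensions that WinRAR would hand to the shell if "opened"; scripts in the
# known lures used .cmd. Assumption: this list is illustrative, not exhaustive.
EXECUTABLE_EXTS = (".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".lnk", ".scr")


def find_suspicious_entries(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (decoy_name, payload_entry) pairs matching the CVE-2023-38831 lure layout:
    a top-level file X plus a directory named "X " (trailing space) that contains
    a file with an executable extension."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()

    # Candidate decoys are plain top-level files (no path separator, not a directory).
    top_level_files = {n for n in names if "/" not in n and not n.endswith("/")}

    hits = []
    for name in names:
        if "/" not in name:
            continue
        first_dir, _, rest = name.partition("/")
        # The lure directory is the decoy name with trailing whitespace appended.
        if not first_dir.endswith(" "):
            continue
        decoy = first_dir.rstrip(" ")
        if decoy not in top_level_files:
            continue
        leaf = rest.rsplit("/", 1)[-1]
        if leaf.lower().endswith(EXECUTABLE_EXTS):
            hits.append((decoy, name))
    return hits


def build_lure_sample() -> bytes:
    """Constructed sample: a ZIP laid out like a CVE-2023-38831 lure.
    The 'payload' is an inert batch line that only echoes text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n% decoy document\n")
        zf.writestr("invoice.pdf /invoice.pdf .cmd", b"@echo inert sample\r\n")
    return buf.getvalue()


def build_clean_sample() -> bytes:
    """Constructed sample: an ordinary ZIP with a document and a subfolder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n")
        zf.writestr("attachments/notes.txt", b"hello\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("lure", build_lure_sample()), ("clean", build_clean_sample())):
        print(label, find_suspicious_entries(data))
```

The check works on archive metadata alone, so it can run on mail-gateway attachments without extracting anything. It is a structural indicator, not proof of exploitation: archives with this layout are unusual enough to quarantine, but the real fix is updating WinRAR to a patched version.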

Russian Sandworm hackers breached 11 Ukrainian telcos since May

October 16, 2023 at 02:08PM
The Russian hacking group known as 'Sandworm' compromised eleven telecommunication service providers in Ukraine between May and September 2023, according to a report by Ukraine's Computer Emergency Response Team (CERT-UA). The hackers interfered with communication systems, causing service interruptions and potential data breaches. Sandworm used various tactics, including phishing …