Russian hackers, Sandworm, target Ukraine's 20 critical infrastructure orgs. Power grid, water supply at risk.

Continue reading
Ukraine yet again reportedly suffered a severe cyber threat from the notorious Russian hacker group Sandworm, also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44.
These attackers, believed to be associated with Russia's GRU, targeted approximately 20 critical infrastructure facilities, including energy, water, and heating suppliers.
The attacks aimed to disrupt operations, posing a significant risk to Ukraine's national security and stability.
Sandworm leveraged a combination of sophisticated techniques to infiltrate and compromise the targeted networks.
One notable approach involved poisoning the software supply chain to deliver compromised or vulnerable software to the organizations.
Additionally, the hackers exploited the technical support access of software providers to gain unauthorized entry into the systems.
Sandworm deployed a variety of malware and tools to carry out its attacks effectively. Notable malware includes:
Sandworm also leveraged open-source tools such as Weevly webshell, Regeorg.Neo, Pitvotnacci, Chisel tunnelers, LibProcessHider, JuicyPotatoNG, and RottenPotatoNG. These tools aided in maintaining persistence, hiding malicious processes, and elevating privileges on compromised systems.
CERT-UA, the Ukrainian agency, responded to the attacks by engaging in extensive counter-cyber attack operations from March 7 to March 15, 2024.
These operations involved informing affected enterprises, removing malware, and enhancing security measures to mitigate further risks.
The attacks by Sandworm not only disrupted critical infrastructure operations but also aimed to amplify the impact of potential Russian missile strikes on these facilities. This underscores the strategic nature of the cyber threat, which seeks to undermine Ukraine's stability and national security.
Mandiant's recent revelation of Sandworm's connection to hacktivist-branded Telegram groups adds another layer to the complexity of the threat landscape.
This connection highlights the potential collaboration between state-sponsored threat actors and hacktivist entities, further complicating cybersecurity efforts.

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.