A new Russian cyber attack on Ukraine has used a previously unseen Golang-based data-wiping tool called SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to the Russian GRU’s Military Unit 74455. ESET revealed in tweets that, once executed, the malware deletes shadow copies, overwrites files in various locations, and then forces the computer to reboot.
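The behaviour ESET describes (shadow copies deleted, then a forced reboot) is a sequence a defender can look for in process-creation telemetry. The following is an added example written for this page, not code from ESET or from any SwiftSlicer analysis; it assumes the wiper would reach for built-in Windows utilities such as vssadmin, wmic or shutdown, which the article does not state, and runs over constructed sample events.

```python
import re
from datetime import datetime, timedelta

# Constructed sample process-creation events: (host, ISO timestamp, command line).
# Assumption: shadow-copy deletion and the reboot go through built-in Windows
# tools; the article does not say how SwiftSlicer performs either step.
SAMPLE_EVENTS = [
    ("HOST-A", "2023-01-25T10:00:01", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("HOST-A", "2023-01-25T10:00:40", r"C:\Windows\System32\shutdown.exe /r /t 0"),
    ("HOST-B", "2023-01-25T10:05:00", r"C:\Windows\System32\vssadmin.exe list shadows"),   # benign
    ("HOST-B", "2023-01-25T14:00:00", r"C:\Windows\System32\shutdown.exe /r /t 0"),        # routine reboot
    ("HOST-C", "2023-01-25T11:00:00", "wmic shadowcopy delete"),
    ("HOST-C", "2023-01-25T11:02:00", "powershell -c Restart-Computer -Force"),
]

# Command-line patterns for the two behaviours (hypothetical, defender-side heuristics).
SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete|win32_shadowcopy.*delete)",
    re.I,
)
REBOOT = re.compile(r"(shutdown(\.exe)?\s+.*(/r|-r)|restart-computer)", re.I)


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def find_wiper_sequences(events, window_minutes=10):
    """Return (host, reboot_timestamp) pairs where a shadow-copy deletion on the
    same host is followed by a reboot command within `window_minutes`.
    A lone deletion or a lone reboot is not reported, which keeps routine
    maintenance (HOST-B above) out of the result."""
    deletions = {}   # host -> list of deletion times seen so far
    hits = []
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        t = parse_time(ts)
        if SHADOW_DELETE.search(cmd):
            deletions.setdefault(host, []).append(t)
        elif REBOOT.search(cmd):
            for d in deletions.get(host, []):
                if timedelta(0) <= t - d <= timedelta(minutes=window_minutes):
                    hits.append((host, ts))
                    break
    return hits


if __name__ == "__main__":
    for host, ts in find_wiper_sequences(SAMPLE_EVENTS):
        print(f"wiper-like sequence on {host} ending at {ts}")
```

The window and the patterns are starting points; real telemetry should also cover the file-overwrite activity the article mentions, which this example does not model.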
Sandworm is a nation-state cyber threat group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Russian Federation (GRU). This group is believed to have been active since 2009 and is considered one of the most dangerous cyber threat groups in the world.
The group’s primary focus is espionage and disruption, and it has been responsible for a number of high-profile attacks over the years. Some of the most notable attacks attributed to Sandworm include:
- The NotPetya attack in 2017, which caused widespread destruction to companies and infrastructure across Europe and Asia.
- The 2016 attack on the Ukrainian power grid, which caused widespread blackouts across the country.
- The 2014 attack on the Winter Olympics in Sochi, which targeted organizations involved in the games.
Sandworm primarily uses zero-day exploits and spear-phishing campaigns to gain initial access to targeted systems. Once it has access, it uses a variety of tools and techniques to gather information and disrupt operations. Some of these tools include:
- Data-wiping malware, such as SwiftSlicer.
- Backdoor malware, such as X-Agent.
- DDoS botnets, such as TeleBots.
Sandworm is a threat not only to organizations and companies but also to governments and critical infrastructure. The group has been implicated in a number of attacks on governments, including the Ukrainian government.