Russian linked hackers attack Ukrainian energy company with wipers and ransomware

Share post:

Russian hackers are suspected of deploying a new malware wiper against a Ukrainian energy company. The hackers are said to be from Russia’s Sandworm and used a wiper malware strain called NikoWiper to carry out the attack.

Researchers from the Slovakian cyber firm ESET discovered the strain. It was revealed that the attackers used data-wiping malware to target the unnamed company in October.

According to ESET, “In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine.

APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy infrastructure, and while we are not able to show those events were coordinated, it suggests that Sandworm and military forces of Russia have related objectives.”

The malware, according to ESET, is based on SDelete, a Microsoft utility tool used to delete files. The report discovered Sandworm attacks that used ransomware as a wiper, in addition to data-wiping malware. Although ransomware was used in those attacks, the end goal was the same as with the wipers: data destruction.

The described attack occurred in October, around the same time that Russian forces began launching missile strikes against energy infrastructure. While the report cannot prove that those events were coordinated, it does suggest that Sandworm and the Russian military have similar goals.

The sources for this piece include an article in TheHackerNews.

Featured Tech Jobs



Related articles

Gartner debunks myths undermining cybersecurity success

Henrique Teixeira, Senior Director Analyst at Gartner, and Leigh McMullen, Distinguished VP Analyst at Gartner, highlighted and disproved...

Toyota discloses customer data breach

Toyota has disclosed that customer information from Japan and other countries in Asia and Oceania was publicly available...

Critical Vulnerability found in MOVEit

Progress Software has warned about a critical vulnerability in its popular file-transfer software, MOVEit, which could allow malicious...

Canadian Defence Minister concerned over increasing cyberattacks

Canadian Defence Minister Anita Anand has issued a warning that the country's key infrastructure is more vulnerable to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways