‘Sandworm’ book review: To understand cyberwar, you must understand Ukraine

For experts, trying to definitively explain the full scope of a cybersecurity incident is often a difficult and delicate process. They normally don’t find reason to tie attacks back to 13th-century massacres at the hands of Mongolian warlords. Yet, in “Sandworm,” the new book from Wired magazine’s Andy Greenberg, it’s the Mongols’ 13th-century raid on Ukraine (and other brutalities the region has endured) that helps explain why this area in the world has been linked to almost every major cyberattack in the past decade. “Sandworm” chronicles the hacker group of the same name, diving into the hectic moments behind the Russian outfit’s attacks, which have hit targets from the Ukrainian power grid to international shipping conglomerates. The book shows that attacks like BlackEnergy, NotPetya and Olympic Destroyer do not happen in a vacuum. Greenberg weaves them and others into a narrative that illuminates the personalities responsible for studying or thwarting Sandworm’s […]

The post ‘Sandworm’ book review: To understand cyberwar, you must understand Ukraine appeared first on CyberScoop.

BlackEnergy Successor Hits Energy Companies Since 2015

For the past three years, a stealthy cyberespionage group has been targeting energy companies, primarily in Poland and Ukraine, using a new malware framework dubbed GreyEnergy. GreyEnergy is a modular malware platform which, according to researchers…

Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid

Ever since the seminal cyberattacks on the Ukrainian power grid in 2015 and 2016, researchers have traced the evolution of the broad set of hackers behind the attacks in an effort to warn organizations the hackers might strike next. On Wednesday, analysts from cybersecurity company ESET added to that body of knowledge by revealing a quieter subgroup of those hackers that has targeted energy companies in Ukraine and Poland. ESET has dubbed the group GreyEnergy, a derivative of the original group of hackers, which has been known as BlackEnergy. Whereas BlackEnergy is known for the disruptive 2015 attack on the Ukrainian grid that cut power for roughly 225,000 people, GreyEnergy has to date preferred reconnaissance and espionage, according to ESET. The group has taken screenshots of its possible targets, stolen credentials, and exfiltrated files. “Clearly, they want to fly under the radar,” said Anton Cherepanov, the company’s lead researcher on […]

The post Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid appeared first on Cyberscoop.

Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya

Analysis of a new backdoor program allowed malware researchers to establish clear links between the cyberattacks that led to power outages in Ukraine in 2015 and 2016 and the NotPetya ransomware outbreak. The new backdoor is called Exaramel and is use…

Researchers link tools used in NotPetya and Ukraine grid hacks

New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments say are sponsored by the Russian government. Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of that link, citing a pattern of “backdoors” — or tools for remote access — used by the hackers. In April, ESET researchers found that the group, which they dub TeleBots, was trying to set up a new backdoor. ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of the “Industroyer” backdoor used in the 2016 attack on the Ukrainian power sector, which knocked out an electrical substation outside of Kiev. The 2015 attack on the Ukrainian grid, using the group’s custom BlackEnergy malware, cut power for […]

The post Researchers link tools used in NotPetya and Ukraine grid hacks appeared first on Cyberscoop.

Russian-linked group tied to Winter Olympics attack is now targeting biochemical researchers

A wave of sophisticated spear phishing emails captured by Moscow-based Kaspersky Lab suggests that the same Russian-linked hacking group responsible for a historic cyberattack on the 2018 Winter Olympics is now targeting biochemical research and domestic financial organizations. Dubbed the “Sandworm Group” by security analysts, the attackers gained notoriety earlier this year when a destructive hacking tool aimed at the IT network attached to the Winter Olympics caught the attention of multiple intelligence agencies. That tool, known as “Olympic Destroyer,” allowed malware to spread within multiple confined IT environments, quickly deleting boot records and other forensic artifacts while simultaneously siphoning off sensitive user credentials. CyberScoop previously reported that Sandworm had hacked into the 2018 Olympic Games’ primary IT provider, Atos, months before the event began. One related phishing email that uses a booby-trapped Microsoft Word document explicitly mentions a biochemical threat research conference held in Switzerland, which is organized by Spiez Laboratory. […]

The post Russian-linked group tied to Winter Olympics attack is now targeting biochemical researchers appeared first on Cyberscoop.

WikiLeaks Reveals CIA Tool ‘Scribbles’ For Document Tracking

The CIA is planting web beacons inside Microsoft Word documents to track whistleblowers, journalists and informants, according to WikiLeaks.