A malicious campaign against logistics and transportation organizations in Ukraine and Poland using Prestige ransomware has recently been attributed to a team of expert Russian military hackers.
The perpetrators focused on the victims’ enterprise networks, targeting them with ransomware payloads, a tactic that hasn’t been frequently used against Ukrainian organizations. Furthermore, the attacks seem to follow a pattern similar to previous Russia-backed hacking activities.
“As of November 2022, MSTIC assesses that IRIDIUM very likely executed the Prestige ransomware-style attack,” Microsoft’s security advisory reads. “IRIDIUM is a Russia-based threat actor tracked by Microsoft, publicly overlapping with Sandworm, that has been consistently active in the war in Ukraine and has been linked to destructive attacks since the start of the war.”
Based on various metrics such as victimology, tradecraft, forensic artifacts, capabilities and infrastructure, Microsoft’s Security Threat Intelligence (MSTIC) researchers believe the campaign may have been launched by Sandworm, a Russian state-backed hacker group.
Previous reports have shown that, although the campaign shares techniques with them, it is distinct from other recent destructive attacks such as HermeticWiper and AprilAxe (CaddyWiper).
Sandworm, also known as Voodoo Bear, BlackEnergy and TeleBots, is an Advanced Persistent Threat (APT) group allegedly operating out of Unit 74455 of Russia’s military intelligence agency, the GRU.
In October 2020, the US indicted six GRU Unit 74455 officers associated with the Sandworm APT for numerous malicious operations, including:
Dedicated software solutions such as Bitdefender Ultimate Security can shield you against ransomware and other cyberthreats with features like:
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.