Critical Infrastructure Security, Threat Intelligence

Ukraine critical infrastructure subjected to Sandworm attacks


Nearly 20 water, energy, and heating providers across Ukraine had their information and communications systems targeted last month by the Russian state-backed advanced persistent threat group Sandworm, also tracked as APT44, Voodoo Bear, BlackEnergy, and Seashell Blizzard, according to the country's Computer Emergency Response Team (CERT-UA), BleepingComputer reports.

The attacks involved the compromise of at least three supply chains, which enabled the deployment of weaponized software, according to CERT-UA. The agency noted that the targeted entities' weak cybersecurity defenses eased the intrusions, which are believed to have been aimed at maximizing the impact of Russian missile strikes.

Sandworm was also observed leveraging the QUEUESEED malware, also known as Kapeka or IcyWell, for system information gathering and remote command execution, alongside newer Linux variants of the C++ backdoor dubbed BIASBOAT and LOADGRIP, as well as the Go-based GOSSIPFLOW malware. The intrusions against Ukrainian critical infrastructure also involved the Weevely web shell; the Pivotnacci, reGeorg.Neo, and Chisel tunnelers; and JuicyPotatoNG, LibProcessHider, and RottenPotatoNG for persistence and privilege escalation.
