Critical Infrastructure Security, Threat Intelligence

Ukraine critical infrastructure subjected to Sandworm attacks

Russia flag is depicted on the screen with the program code. The concept of modern technology and site development.

(Adobe Stock)

Nearly 20 water, energy, and heating providers across Ukraine were noted by the country's Computer Emergency Response Team to have their information and communications systems targeted by Russian state-backed advanced persistent threat operation Sandworm, also known as APT44, Voodoo Bear, BlackEnergy, and Seashell Blizzard, last month, reports BleepingComputer.

Attacks involved the compromise of three or more supply chains that enabled the deployment of weaponized software, according to CERT-UA, which noted that weak cybersecurity defenses of the targeted entities had eased the intrusions that are believed to have been aimed at maximizing the impact of Russian missile attacks.

Sandworm was also observed to have leveraged the QUEUESEED malware, also known as Kapeka or IcyWell, for system information gathering and remote command execution alongside the C++ backdoor's newer Linux variants dubbed BIASBOAT and LOADGRIP, as well as the Go-based GOSSIPFLOW malware. Intrusions against Ukraine critical infrastructure also entailed the usage of the Weevly web shell, Pitvotnacci, Regeorg.Neo, and Chisel tunnelers; JuicyPotatoNG, LibProcessHider, and RottenPotatoNG for persistence and privilege escalation.

Related

Details on 2021 Chemonics hack remain scant

International development firm Chemonics, which mainly caters to the United States Agency of International Development, has not yet provided more extensive information regarding a cyberattack that compromised more than 6,000 individuals initially reported in July 2021, reports FedScoop.

Media, think tank, service spoofing conducted in APT42 cyberespionage operations

Iranian state-backed hacking operation APT42 — also known as Mint Sandstorm, Mint Phosphorous, Charming Kitten, and TA453 — has spoofed major news organizations, including The Washington Post, think tanks, such as the McCain Institute, and internet services, such as Gmail, YouTube, and Google Drive, as part of cyberespionage campaigns against journalists and human rights activists, reports CyberScoop.

Feds warn of new Kimsuky phishing attack techniques

The U.S. State Department, National Security Agency, and the FBI have issued a joint advisory warning organizations across the country, especially educational entities, non-profits, and think tanks, regarding the increasingly advanced phishing techniques leveraged by North Korean state-backed hacking group Kimsuky, also known as APT43, Emerald Sleet, and Velvet Chollima, Nextgov reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.