Ukraine links Russian hackers to data-wiping attack against news agency

The Computer Emergency Response Team of Ukraine (CERT-UA) has attributed a malware attack on Ukraine’s National News Agency (Ukrinform) to the Sandworm Russian military hackers.

“According to preliminary data provided by CERT-UA experts, there were some destructive effects on the agency’s IT infrastructure, but it was quickly contained nonetheless,” said the State Service of Special Communications and Information Protection of Ukraine.

Ukrinform was able to carry on its operations thanks to this. CERT-UA experts are currently helping with infrastructure recovery as well as continuing investigations into the incident.

According to CERT-UA, the Sandworm group was most likely responsible for the cyberattack. The attribution is based on the threat actors' tactics, and the group has previously been linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation.

The attackers launched CaddyWiper on the news agency's systems via a Windows Group Policy (GPO), which shows they had already breached the target network. They failed to affect the operations of the news agency.

On Wednesday, Yurii Shchyhol of SSSCIP stated that Russians had been trying to block Ukrainians’ access to information about the present situation and the course of the war since the beginning of the full-scale invasion.

They have blocked Ukrainian television, Internet, and mobile communications in territories temporarily under the control of the enemy and have attacked radio and TV transmitting towers in several cities in Ukraine with missiles. They are waging cyberattacks against the Ukrainian media.

Sandworm also used the CaddyWiper malware in an attack on a large Ukrainian energy supplier.

With the aid of CaddyWiper and other data wipers for Linux and Solaris (Orcshred, Soloshred and Awfulshred), the attackers attempted to wipe out traces of the Industroyer ICS malware.

ESET security researchers discovered CaddyWiper in March 2022. The data-destroying malware was used to erase data from multiple Ukrainian organisations across Windows domains.

Security researchers discovered that, in addition to CaddyWiper, a number of malware strains were used to spy on Ukrainian targets.

The recent ransomware attacks on Ukraine were also .

Microsoft revealed that Sandworm is behind the on November 2. This attack has targeted the supply chain, attacking transport companies in Ukraine as well as Poland. It began in October 2022.