Russian hacking groups are expected to have a long and productive winter, going after both Ukrainian targets and those belonging to Ukraine's western allies with new and upgraded malware attacks, Microsoft says.
In a recent blog post, the software giant said Russia will try to use disinformation and cyberattacks to undermine the support, both humanitarian and military, that Ukraine has been getting from its western allies. Furthermore, it said it observed “targeted attacks” against Ukrainian infrastructure, followed by missile strikes.
The threat actor apparently being used to this end is called Sandworm.
Elite threat actor
“We believe these recent trends suggest that the world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter,” Microsoft said.
“Russia will seek to exploit cracks in popular support for Ukraine to undermine coalitions essential to Ukraine’s resilience, hoping to impair the humanitarian and military aid flowing to the region. We should also be prepared for cyber-enabled influence operations that target Europe to be conducted in parallel with cyberthreat activity.”
Sandworm is an elite threat actor that has been operating for roughly 20 years. It has engaged in cyber-warfare against Ukraine in the past, most notably with the 2015 and 2016 blackouts. Furthermore, the group was behind the KillDisk wiper that targeted banks in the country, as well as the dreaded NotPetya ransomware.
This is not the first time Microsoft has warned of increased cyber-activity from Russian state-sponsored actors. In June, it said the country’s intelligence agencies upped the ante in attacks against Ukraine’s allies. These were mostly cyber-espionage campaigns, with the goal of obtaining as much sensitive intelligence as possible.
Furthermore, Sandworm is also being blamed for recent ransomware attacks against Ukrainian targets that took place last month.
In April this year, the FBI reported taking down a major botnet belonging to Sandworm.
Via: BleepingComputer