Sandworm Blamed for Wiper Attack on Poland Power Grid
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
Coverage of incidents attributed to Sandworm, with analysis of infrastructure, disruption, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Sandworm is a name used for an intrusion set associated in public reporting and government assessments with Russia’s GRU, although such attribution remains subject to evidence and revision. Reporting has linked the group to disruptive operations including attacks affecting Ukrainian power distribution and the 2017 NotPetya outbreak, which spread through a compromised software-update channel and caused extensive operational damage. The activity tracked under this name has included destructive malware, denial-of-service attacks, and exploitation of vulnerable systems.
For defenders, the key risk is that an intrusion can progress from access to disruption rather than simple data theft. Priorities include rapidly patching internet-facing and edge systems, enforcing multifactor authentication and least privilege, segmenting critical networks, and maintaining offline, tested backups with restoration procedures. Threat intelligence on reported Sandworm infrastructure and malware can support detection and scoping, but indicators should complement—rather than replace—behavioral monitoring and sound vulnerability-management and incident-response practices.
Weekly headline count for the current query.
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.
But even with that focus, the sophisticated threat group has continued operations against targets globally, including the US, says Google's Mandiant.
Danish energy sector attacks attributed to Russia's Sandworm APT turn out to be the work of a new concern: cyber opportunists.
A premier Russian APT used living-off-the-land techniques in a major OT hit, raising tough questions about whether or not we can defend against the attack vector.
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.
Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.
The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.
"Cyclops Blink" operation disabled firewalls behind the Sandworm hacking team's network of infected victim devices.