Over nearly a decade, the hacker group within Russia's GRU military intelligence agency known as Sandworm has launched some of the most disruptive cyberattacks in history against Ukraine's power grids, financial system, media, and government agencies.
Signs now point to that same usual suspect being responsible for sabotaging a major mobile provider for the country, cutting off communications for millions and even temporarily sabotaging the air raid warning system in the capital of Kyiv.
On Tuesday, a cyberattack hit Kyivstar, one of Ukraine's largest mobile and internet providers.
The details of how that attack was carried out remain far from clear.
The Ukrainian government hasn't yet publicly attributed the cyberattack to any known hacker group, nor have any cybersecurity companies or researchers.
The message also includes screenshots that appear to show access to Kyivstar's network, though this could not be verified.
Solntsepek has previously been used as a front for the hacker group Sandworm, the Moscow-based Unit 74455 of Russia's GRU, says John Hultquist, the head of threat intelligence at Google-owned cybersecurity firm Mandiant and a longtime tracker of the group.
He declined to say which of Solntsepek's network intrusions have been linked to Sandworm in the past, suggesting that some of those intrusions may not yet be public.
This Cyber News was published on www.wired.com. Publication date: Wed, 13 Dec 2023 16:43:04 +0000