One of the most dreaded groups of hackers, Ukraine Sandworm, is reportedly attacking news agencies with five data wiping malware tools. This group of cybercriminals is known for its sophisticated and destructive techniques, but this is the first time data wiping malware has been used in a hacking campaign. The news agency that has been affected is a major one from Ukraine, which currently remains unnamed.
The attack was discovered by security researchers at Kaspersky Lab. According to their findings, the hackers used five different data wiping malware tools: KillDisk, Sadmin, CrashKill, Tofsee, and Chopa. The hackers reportedly exploited several zero-day flaws in Windows operating systems to gain access to the news agency’s network. Once inside, they used the malware tools to thoroughly erase data from various computers, which resulted in the complete destruction of the networks.
It’s important to note that the attack was not aimed at gaining access to the website or databases of the news agency, but rather to render them completely inaccessible. The motive behind this is still unclear, but the fact that the attackers used five data wiping malware tools suggests that the attack was planned and sophisticated in nature.
Due to the destructive nature of the attack, it’s important for organizations to ensure their networks are secure and up to date with security patches. Organizations should also ensure they take data backups regularly and that their environments are regularly monitored. In addition, it is recommended that strong antivirus software be installed on all computers and devices, and that a secure operating system is used on all networks. Finally, organizations should ensure they are using a secure internet connection and that cybersecurity experts are consulted to provide additional protection against malicious software.
Ukraine Sandworm is known for its attacks on high-profile targets, like government and military organizations, though it is still unclear why the group chose the news agency as its target. The group is highly active, and it is likely that more attacks will be carried out in the future. As such, it is important to stay vigilant and take the necessary steps to prevent a similar type of attack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 27 Jan 2023 18:11:03 +0000