Microsoft ties January Ukraine attack to notorious Sandworm group

Apr 27, 2022 | CYBERSCOOP

Microsoft on Wednesday tied a January malware wiper attack in Ukraine to notorious Russian hacking group Sandworm.

The new link fleshes out the operations of the group, also dubbed Iridium by Microsoft, during a heated war between Russia and Ukraine. Ukraine has already blamed the group for staging a malware attack on Ukraine’s power grid earlier this month, the third such attack in the group’s history.

Microsoft reports observing close to 40 destructive attacks targeting hundreds of systems since the conflict started. Roughly 32% of the attacks went after Ukrainian governmental organizations, while more than 40% of destructive attacks were aimed at organizations in critical infrastructure sectors. Microsoft’s timeline of Russia’s cyber operations indicated that Russia began pre-positioning for conflict as early as March 2021, working to gain a foothold in Ukrainian systems and gain access to supply chain vendors critical to Ukraine.

The report found that Russia’s use of cyberattacks appears to be sometimes timed with its physical warfare. For instance, around the same time Russian forces invaded Mariupol, Russian operatives began sending emails posing as a Mariupol resident claiming the Ukrainian government had abandoned its people.

Microsoft also noted
