Ukrainian Telcos Targeted by Suspected Sandworm Hackers



Attackers’ MO: Data Exfiltration, Followed by Network and Hardware Disruption


Russian hackers are targeting Ukrainian government agencies and critical infrastructure with a barrage of “destructive” malware designed to wipe or destroy IT systems, Kyiv cyber defenders said.


Between May and September, at least 11 Ukrainian telecommunications firms detected hacks that, in some cases, disrupted service, Ukraine’s Computer Emergency Response Team, CERT-UA, reported Monday.

Ukraine gave the codename UAC-0165 to the threat actor behind the attacks and said it has moderate confidence that the attacks are being perpetrated by the Sandworm hacking team, which has pummeled Ukraine with cyberattacks for more than half a decade. Western intelligence says that Sandworm – aka Seashell Blizzard, TeleBots and Voodoo Bear – is run by Russia’s GRU military intelligence agency.


In January, Ukraine’s top information protection agency warned that Russia continues to use data stealers and wiper malware for destruction and cyberespionage as it continues its war of aggression. The State Service of Special Communications and Information Protection of Ukraine reported that the sectors being most targeted are energy, security and defense, telecommunications, technology and development, finance, and logistics.


The SSSCIP recently said Moscow appeared to be stepping up its destructive attacks, especially against the energy sector,…
