This is the season for Russian cyberattacks, says Microsoft

Russian hacker groups are expected to have a long and productive winter, hitting both Ukrainian targets and those belonging to Ukraine's Western allies with new malware attacks, according to Microsoft.

In a recent blog post, the software giant said that Russia would try to use disinformation and cyberattacks to undermine the support Ukraine receives from its Western allies, both humanitarian and military. In addition, it said it had observed "targeted attacks" against Ukrainian infrastructure, followed by missile attacks.

The threat actor apparently used for this purpose is called Sandworm.

Elite threat actor

“We believe that these recent trends suggest that the world should be prepared for several lines of possible Russian attacks in the digital realm this winter,” Microsoft said.

“Russia will seek to exploit cracks in popular support for Ukraine to undermine coalitions critical to Ukraine's resilience, hoping to harm humanitarian and military aid flowing into the region. We must also be prepared to carry out cyber influence operations targeting Europe alongside cyber threat activity.”

Sandworm is an elite threat actor that has been in operation for approximately 20 years. It has been involved in cyber warfare against Ukraine in the past, including the blackouts in 2015 and 2016. Additionally, the group was behind the KillDisk wiper that targeted banks in the country, as well as the feared NotPetya ransomware.

This is not the first time that Microsoft has warned of increased cyber activity by Russian state-sponsored actors. In June, it said the country's intelligence agencies had upped the ante on attacks against Ukraine's allies. These were mostly cyber-espionage campaigns, with the aim of obtaining as much sensitive information as possible.

Sandworm is also blamed for recent ransomware attacks against Ukrainian targets, which occurred last month.

In April of this year, the FBI reported the takedown of a major botnet belonging to Sandworm.

Via: BleepingComputer