Microsoft Corp. warned an infamous hacking group that is tied to Russia’s military intelligence agency GRU could be gearing up for more ransomware attacks both inside and outside of Ukraine.
(Bloomberg) — Microsoft Corp. warned an infamous hacking group that is tied to Russia’s military intelligence agency GRU could be gearing up for more ransomware attacks both inside and outside of Ukraine.
Microsoft calls the group Iridium, but it is perhaps best known as Sandworm. It has been accused of attacks on Ukraine’s electric power grid and government agencies, the 2018 Winter Olympics and businesses across the globe. Now, it appears to be preparing for a renewed destructive campaign, the software company said in a threat intelligence report on Wednesday.
Russian hackers have been accused of bombarding Ukrainian institutions with “wiper malware” and DDoS attacks, a campaign that began even before President Vladimir Putin ordered troops to invade more than a year ago. However, Ukraine’s defenses have largely fended off a major cyberwar with the help of foreign tech companies including Microsoft.
The ransomware attack on Polish and Ukrainian transport services in October, attributed to Sandworm, may have been “a trial balloon” for further attacks, the report said. Microsoft warned it was a potential precursor to further Russian hacks beyond Ukrainian soil.
The attack was “testing the international community’s ability to attribute espionage operations to Moscow” or the reaction of Ukraine’s allies to a targeted destructive attack outside Ukraine by deploying ransomware on Poland’s transport system, Microsoft said.
In a February report on the cyber threats in Ukraine, Alphabet Inc.’s Google said that cyber campaigns by Sandworm, which it calls FrozenBarents, “seem designed to advance Russian strategic objectives and respond to changes in Russian intelligence requirements throughout the conflict.” The group, which has been active since 2009, targeted a Turkish drone manufacturer, whose systems were used by Ukraine, in the early weeks of the war and has targeted sensitive information such a Ukrainian military communications and troop movements, according to Google.
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.