One of the world's most ruthless and advanced hacking groups, Russian state-controlled Sandworm has carried out a series of devastating cyberattacks in the country's ongoing war against neighboring Ukraine, researchers said Thursday.
In April, the group attacked a Ukrainian university using two wipers, a type of malware that aims to permanently destroy sensitive data and often the infrastructure storing it. One viper, tracked under the handle Sting, targeted Windows computers by scheduling a task called “DavaniGulashaSdeshka,” a phrase borrowed from Russian slang and loosely translated to mean “eat goulash,” ESET researchers said. said. Another viper is tracked as Zerlot.
Not a very common target
Then, in June and September, Sandworm used multiple Wiper variants against multiple Ukrainian critical infrastructure targets, including government, energy, and logistics organizations. The targets have long been in the crosshairs of Russian hackers. However, there was a fourth, less common goal – the organization of the grain industry in Ukraine.
“While all four have previously been documented as targets of Wiper attacks starting in 2022, the grain sector stands out as a less frequent target,” ESET said. “Given that grain exports remain one of Ukraine’s main sources of income, such targeting likely reflects an attempt to weaken the country’s war economy.”
Wipers have become a favorite tool of Russian hackers since at least 2012, with the spread of the virus NotPetya worm. The self-replicating malware initially targeted Ukraine but ended up causing international chaos, spreading across the world in a matter of hours. The worm caused tens of billions of dollars in financial damage after shutting down thousands of organizations, many for days or weeks.
