Monday 23rd January 2023

Cyber Threat Intelligence Weekly Update: 20th January 2023

Key Issue: Sandworm linked to CaddyWiper compromise of Ukrinform’s info system

Cybercriminals: Cybercriminals push information-stealing malware using Google Ads

Nation-State: APT15 targets government entities with an updated Turian backdoor

Hacktivists: Pro-Russian hacktivist groups allege breach of US Internal Revenue Service


Sandworm linked to CaddyWiper compromise of Ukrinform’s info system

This week we reported that the Computer Emergency Response Team of Ukraine (CERT-UA) assessed that Russian state unit Sandworm was behind the recent CaddyWiper compromise of an information and communication system used by Ukrinform, the National News Agency of Ukraine. CaddyWiper targeted Group Policy, the centralised group of settings that enables network administrators to manage operating systems, and degraded the integrity and availability of information on the system.

The pro-Russian hacktivist group Cyber Army of Russia initially claimed responsibility for the compromise; however, CERT-UA has attributed the activity to Sandworm based on tactics, techniques, and procedures used by the group in past operations. Sandworm has previously conducted destructive wiper malware operations, and deployed CaddyWiper against the Ukrainian energy sector in April 2022. This incident reaffirms our assessment that Russia is coordinating offensive cyber operations among multiple threat actors to increase the impact on its victims and create plausible deniability. This increased impact is likely to escalate the threat of pro-Russian attacks against a wider range of organisations.

