The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country’s national news agency (Ukrinform) to the Russian military hacking group Sandworm.
“According to preliminary data, provided by CERT-UA specialists, the attack has caused certain destructive effects on the agency’s information infrastructure, but the threat has been swiftly localized nonetheless,” the State Service of Special Communications and Information Protection (SSSCIP) of Ukraine said.
“This enabled Ukrinform to continue its operation. Right now, CERT-UA specialists are assisting in infrastructure recovery and continuing investigation of the incident.”
CERT-UA says that, based on the threat actors’ tactics, the cyberattack was likely carried out by the Sandworm group, which was previously linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
The attackers launched the CaddyWiper malware on the news agency’s systems using a Windows Group Policy Object (GPO), showing that they had breached the target’s network beforehand. Still, they failed to impact the news agency’s operations.