Bioinformatics is essential for the management of data in modern biology and medicine. By finding more secure solutions we will be creating greater opportunity and more efficiency in medical research. ~Audrey Bentley
Bioinformatics is essential for the management of data in modern biology and medicine. By finding more secure solutions we will be creating greater opportunity and more efficiency in medical research. ~Audrey Bentley
Associated Groups/Names: Telebots, ELECTRUM, Voodoo Bear, IRON VIKING, Quedagh
Group Formed: Sometime between 2004-2007
Main Methods: Zero-days, Spearphishing, Malware
Main Targets: Industrial Control Systems
Preferred Tool: Black Energy, which is associated with electricity & power generation for espionage, Denial of Service, and data destruction purposes.
Attacks the Group is Linked To: 2015 Compromise of the Ukranian Electrical Grid, A DoS prior to the Russian Invasion of Georgia and much more..
October 2014: Campaign targeting Ukranian government officials and members of the EU & NATO. In this campaign they used a Zero-Day exploit CVE-2014-4114.
2015: The unique malware variant “BlackEnergy 3” reemberged in Ukraine.
December 2015: Ukranian Power Grid Cyber Attack (More on this below.)
2017: Conducted Cyberattacks on Ukraine using the NotPetya malware.
2017: Various intrusions in the 2017 French Presidential Election.
2018: Cyberattack on the Winter Olympics Opening Ceremony.
October 19, 2020: A United States based grand jury released an indictment charging six alleged Unit 74455 officers with cybercrimes.
February 2022: Sandworm “allegedly” released the Cyclops Blink (Malware that targets routers & firewall devices from WatchGuard and Asus and adds them to a botnet for Command and Control). This malware is similar to VPNFilter.
March 2022: Human rights investigators & lawyers from the UC Berkeley School of Law sent a formal request to the International Criminal Court (located in the Hague, Netherlands) urging the Prosecutor to consider war crime charges against Russian hackers for their cyberattacks against Ukraine.
April 2022: Sandworm made an attempt at a blackout in Ukraine using a variant of the malware Industroyer, known as “Industroyer2.”
On December 23, 2015 the first publicly acknowledged successful cyberattack on a power grid was attributed to Sandworm. The power grid was located in two Western Oblasts in Ukraine. This resulted in approximately 230,000 consumers losing power between 1 to 6 hours. During the outage the threat actors flooded customer services phone lines with calls to prevent customers from reporting the incident.
Side Note: During the same time, two other energy distribution companies were also impacted by a cyberattack, but at a much smaller scale. (Hernivtsioblenegro & Kyivoblenegro) The IP addresses that were traced from these attacks were attributed to the Russian Federation.
The Cyber Attack Consisted of These Steps:
Using spear-phishing emails (containing BlackEnergy Malware) to compromise the networks.
Seizing SCADA (Supervisory Control and Data Acquisition) under control, remotely switching substations off.
Disabling IT infrastructure components.
The KillDisk Malware destroying files stored on servers & workstations.
Using a Denial-of-Service attack on the call center to deny consumers access to information on the blackout.
Also the emergency power at the utility company’s operations center was turned off.
U.S. Cyber Intelligence firm iSight Partners announced in January of 2016 that Sandworm was responsible for the unprecedented power outage in Ukraine. They came to this conclusion based on analysis of the malicious software known as BlackEnergy 3 & KillDisk, which were used in the attack.
BlackEnergy Malware was first reported in 2007 as an HTTP-based toolkit that generated bots to execute distributed denial of service attacks. In 2010, BlackEnergy 2 emerged with capabilities beyond DDoS. Then in 2014 we first see BlackEnergy 3 which came equipped a variety of plug-ins. The changes made with this version simplified the malware code. In BE3 the installer drops the main dynamically linked library (DLL) component directly to the local application data folder. This is the variant of the malware Sandworm used in the 2015 power grid attack in Ukraine. This attack is distributed via a word document or PowerPoint attachment in an email which enticed the victims into clicking the malicious file that they thought was legitimate.