One of the world’s most ruthless and sophisticated hacking groups, the Russian state-controlled Sandworm, launched a series of destructive cyber attacks in the country’s ongoing war against neighboring Ukraine, researchers said Thursday.
In April, the group targeted a Ukrainian university with twin wipers, a form of malware that aims to permanently destroy sensitive data, and often the infrastructure in which that data is stored. One wiper, tracked under the name Sting, targeted fleets of Windows computers by scheduling a task called DavaniGulyashaSdeshka, a phrase derived from Russian slang that loosely translates to “eat some goulash,” ESET researchers said. The other wiper is tracked as Zerlot.
A not so common target
Subsequently, in June and September, Sandworm launched multiple wiper variants against a wide range of Ukrainian critical infrastructure targets, including organizations active in government, energy and logistics. The targets have been in the crosshairs of Russian hackers for a long time. However, there was a fourth, less common target: organizations in the Ukrainian grain industry.
“While all four have been documented as targets of wiper attacks since 2022, the grain sector stands out as a less common target,” ESET said. “Given that grain exports remain one of Ukraine’s main sources of revenue, such targeting likely reflects an attempt to weaken the country’s wartime economy.”
Windshield wipers have been a favorite tool of Russian hackers since 2012, with the spread of the NotPetya worm. The self-replicating malware originally targeted Ukraine, but eventually caused international chaos as it spread globally within hours. The worm resulted in tens of billions of dollars in financial damage after thousands of organizations were shut down, often for days or weeks.
#Windshield #wipers #Russias #ruthless #hackers #rain #destruction #Ukraine