Ukrainian cybersecurity authorities have uncovered a plot by the notorious Sandworm hacking group to launch cyberattacks against nearly 20 critical infrastructure facilities nationwide.

According to CERT-UA, Ukraine's Computer Emergency Response Team, Sandworm intended to launch a multi-pronged attack combining malware, known vulnerabilities, and network infiltration techniques.

The group’s arsenal included:

  • LOADGRIP and BIASBOAT malware: These malicious programs would have been deployed to infect initial targets within the critical infrastructure facilities’ IT systems.
  • QUEUESEED backdoor: This persistent backdoor, active since 2022, would have granted Sandworm remote access and control over compromised systems.
  • Exploitation of vendor software vulnerabilities: Sandworm planned to exploit unpatched vulnerabilities in software used by the facilities’ industrial control systems (ICS).
  • Lateral movement within networks: Once gaining a foothold, the attackers would have employed various techniques to move undetected across the networks, expanding their reach and escalating the attacks.
  • Disruption of ICS operations: The ultimate goal was to disrupt or disable critical ICS components, potentially leading to widespread power outages, water supply disruptions, and heating failures.

Additional malicious tools that CERT-UA discovered during the investigation are open-source utilities: the Weevely webshell; the reGeorg.Neo, Pivotnacci, and Chisel tunnelers; LibProcessHider; and the JuicyPotatoNG and RottenPotatoNG privilege-escalation tools.

(Translated via Gemini AI)
