The Sandworm Group, a Russian-based APT that recently made headlines after its botnet of machines infected with Cyclops Blink malware was taken down by the US Department of Justice, has been busy crafting attacks targeting the Ukrainian power grid. The Computer Emergency Response Team of Ukraine (CERT-UA) had to step in and take action to thwart the attack on the country’s energy facilities. Blame for the attack has been placed on Sandworm in support of Russian military actions in Easter
Activity Summary - Week Ending on 25 March 2022:
- Red Sky Alliance identified 15,245 connections from new IPs checking in with our Sinkholes
- Malicious Keylogger data is back with 24 Keylogged emails
- Analysts identified 1,081 new IP addresses participating in various Botnets
- CaddyWiper
- CryptBot
- Russian Cyber Attacks – Train your Machine
- IsaacWiper
- A 3rd Wiper (after HermeticWiper and IsaacWiper)
- Wiper remediation
Link to full report: IR-22-084-001_weekly084.pdf