Russia’s Sandworm hacking unit targets Ukrainian telecom providers

The notorious Russian state hacking group commonly known as Sandworm has targeted at least eleven Ukrainian internet and telecom providers since May, according to a recent report from Ukrainian cybersecurity authorities.

The attacks led to service interruptions and potential data breaches, said Ukraine’s computer emergency response team, CERT-UA.

Hackers often target telecom providers in both Russia and Ukraine to disrupt communications and internet access amid the ongoing war. Most reported cyberattacks haven’t caused major shutdowns, and are often resolved within a few hours.

In the recent attacks on Ukrainian telecom providers carried out between May and September, Sandworm used various malware, including Poemgate and Poseidon to steal credentials and control infected devices, as well as Whitecat to erase any forensic traces.

In addition, the hackers exploited compromised VPN accounts that weren’t protected by multi-factor authentication to infiltrate the victims’ networks.

The threat actors stole documents, schemes, contracts, and passwords from the targets’ official social media accounts in order to make this information public or use it for the promotion of their attacks.

In the final phase of the attack, they disabled active network and server equipment, as well as data storage systems, according to CERT-UA.

Attacks on Ukrainian telecom providers

During the war with Russia, Ukrainian telecom and internet providers faced both physical and digital attacks. In the first year of the war, the Ukrainian telecommunications industry incurred an estimated $2.3 billion in losses, as reported by the World Bank.

Cyberattacks played a small role in the broader destruction of cell towers, fiber cables, and offices of Ukrainian telecom companies.

In March of last year, Ukraine’s major mobile and broadband internet provider, Ukrtelecom, suffered a powerful cyberattack that briefly disrupted its services. The company said it partnered with major cybersecurity companies, including Microsoft, Cisco, Palo Alto, Cloudflare, and ISSP, to prevent future intrusions.

During that same month, another Ukrainian telecom company, Triolan, experienced a cyberattack that reset some of its internal systems.

Russian hackers also targeted several small internet providers, such as Znet, Corbina, Uarnet and Kopiyka.

Ukraine’s largest mobile carrier, Kyivstar, reported a massive distributed denial-of-service (DDoS) attack that lasted nearly 30 hours. The company has also faced attacks aimed at stealing users’ personal data.

Daryna Antoniuk

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.