Ukrinform may have been hacked by a group with ties to the Russian GRU – SSCS
"Ukrinform" news agency could have been attacked by hackers from the Sandworm group, which has ties to the Russian GRU.
This was reported by the press office of the State Service of Special Communications and Information Protection of Ukraine with reference to the preliminary data of a study by CERT-UA.
"The state Computer Emergency Response Team of Ukraine (CERT-UA), which operates under the State Special Communications Service, is investigating the cyber attack on the Ukrainian National News Agency 'Ukrinform', which occurred on January 17. The Russian Telegram channel 'CyberArmyofRussia_Reborn' has already boasted of the hackers' 'achievement'; however, in reality, the attackers failed to interrupt the agency's work," the State Intelligence Service notes.
CERT-UA employees promptly contained the threat.
According to the experts' preliminary data, the hackers used group policy (GPO) to launch the CaddyWiper malware centrally, with the aim of violating the integrity and availability of information.
Taking into account the attack's characteristic features, CERT-UA assumes that the cyber attack was carried out by UAC-0082 (Sandworm). This group is associated with the Chief Directorate of the General Staff of the Russian Armed Forces (GRU) and is among those that attacked Ukraine most often in 2022.
The state Computer Emergency Response Team also notes that the aforementioned Telegram channel has been repeatedly used to publicize Sandworm's malicious activity, alongside typical reports about DDoS attacks and defacements.
The data-destroying CaddyWiper malware was first detected in Ukraine in mid-March 2022.
Sandworm hackers also used it in a large-scale cyber attack on Ukraine's energy sector last April.
As IMI reported, on January 17, "Ukrinform" news agency reported that their website had suffered a cyber attack and was temporarily down.