Cybersecurity researchers from Microsoft Threat Intelligence Center (MSTIC) have noted companies across Ukraine and Poland being hit by two separate attacks: in one, a disk wiper called HermeticWiper was deployed, while in the other, a ransomware called Prestige.
"Despite using similar deployment techniques, the [Prestige] campaign is distinct from recent destructive attacks leveraging [...] Foxblade (HermeticWiper) that have impacted multiple critical infrastructure organizations in Ukraine over the last two weeks," the researchers explained.
"MSTIC has not yet linked this ransomware campaign to a known threat group and is continuing investigations."
Links to Russia
In some cases, the victim companies are overlapping, but Microsoft’s researchers are not yet convinced all of this is the work of the same threat actor.
For the time being, Microsoft is tracking the group(s) as DEV-0960, the usual label for threat actors yet to have their identities revealed.
There is tangential evidence of the attackers having connections to the Kremlin, though, as HermeticWiper was first observed in the wild a day before the invasion of Ukraine and - against Ukrainian entities.
The researchers don’t really know how the attackers managed to compromise the target networks, and whether or not any malware was included. What they do know is that they used two remote-execution tools (RemoteExec and Impacket WMIexec) to control the compromised endpoints.
"The threat landscape in Ukraine continues to evolve, and wipers and destructive attacks have been a consistent theme," Microsoft further said. "Ransomware and wiper attacks rely on many of the same security weaknesses to succeed."
- These are the best cloud backup solutions at the moment
Via: The Register
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.