The hacking group Microsoft ID'd is among the world's most cutthroat and skilled
Microsoft on Thursday fingered Russia's military intelligence arm as the likely culprit behind ransomware attacks last month that targeted Polish and Ukrainian transportation and logistics organizations.
If the assessment by members of the Microsoft Security Threat Intelligence Center (MSTIC) is correct, it could be cause for concern for the US government and its European counterparts. Poland is a member of NATO and a staunch supporter of Ukraine in its bid to stave off an unprovoked Russian invasion. The hacking group the software company linked to the cyberattacks—known as Sandworm in wider research circles and Iridium in Redmond, Washington—is one of the world's most talented and destructive and is widely believed to be backed by Russia's GRU military intelligence agency.
Sandworm has been definitively linked to the NotPetya wiper attacks of 2017, a global outbreak that a White House assessment said caused $10 billion in damages, making it the most costly hack in history. Sandworm has also been definitively tied to hacks on Ukraine's power grid that caused widespread outages during the coldest months of 2016 and again in 2017.
Last month, Microsoft said that Poland and Ukraine transportation and logistics organizations had been the target of cyberattacks that used never-before-seen ransomware that announced itself as Prestige. The threat actors, Microsoft said, had already gained control over the victim networks. Then in a single hour on October 11, the hackers deployed Prestige across all its victims.
Once in place, the ransomware traversed all files on the infected computer's system and encrypted the contents of files that ended in .txt, .png, .gpg, and more than 200 other extensions. Prestige then appended the extension .enc to the existing extension of the file. Microsoft attributed the attack to an unknown threat group it dubbed DEV-0960.
On Thursday, Microsoft updated the report to say that based on forensic artifacts and overlaps in victimology, tradecraft, capabilities, and infrastructure, researchers determined DEV-0960 was very likely Iridium.
Related Stories
The Biden administration on Tuesday warned the nation's governors that drinking water and wastewater utilities in their states are facing "disabling cyberattacks" by hostile foreign nations that are targeting mission-critical plant operations.
"Disabling cyberattacks are striking water and wastewater systems throughout the United States," Jake Sullivan, assistant to the president for National Security Affairs, and Michael S. Regan, administrator of the Environmental Protection Agency, wrote in a letter. "These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities."
[...] The letter extended an invitation for secretaries of each state's governor to attend a meeting to discuss better securing the water sector's critical infrastructure. It also announced that the EPA is forming a Water Sector Cybersecurity Task Force to identify vulnerabilities in water systems. The virtual meeting will take place on Thursday.
"EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems," Regan said in a separate statement.
(Score: -1, Troll) by HammeredGlass on Monday November 14 2022, @04:42PM (16 children)
you warmongers love to point at Russia because they are weak from imperialist sanctions and isolation.
i want to see you warmongers target China, but you're all in their pockets, and you are scared of them.
gtfo and diaf
all warmongers are evil, especially when you get involved in other people's wars
the only just war is one where you are defending yourself against an attacker
p.s. i don't care about eurotrash and never will
(Score: 1) by khallow on Tuesday November 15 2022, @02:47AM (15 children)
So those sanctions work? Good. And let us keep in mind that if Russia didn't want to run afoul of the imperialist warmongers, they merely needed to not invade Ukraine.
I find it interesting how Orwellian the language is here. Russia did a blatantly imperialistic warmongering move in invading Ukraine. True fact. Yet when the media (no doubt the Western media propagandists) reports a relatively mild Russian shenanigan, the reporting is superserious warmongering. Well, how much war has the decades of reporting on this sort of hacking resulted in? Not much - if you choose to look.
It's time to think for yourself. Not kiss Big Brother's ass.
(Score: 1) by HammeredGlass on Tuesday November 15 2022, @02:59PM (14 children)
Russia's war is bad, but it's not in any way bad for America, and America shouldn't care.
America conducting soft wars through diplomatic imperialism is also bad, and America should care, especially considering that Russia's war with Ukraine only matters to some Americans because of the corrupt investment they have in Ukraine.
(Score: 2) by Gaaark on Tuesday November 15 2022, @07:17PM (6 children)
Russia invading Ukraine is bad for European security. European security being compromised is bad for North America and the World. Do you not remember World War 2?
Watch The Man in the High Tower.
“Those who cannot remember the past are condemned to repeat it.”
Hitler wouldn't have been contained just to Europe/Asia: Putin would love to do the same.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 0, Troll) by HammeredGlass on Tuesday November 15 2022, @07:37PM (5 children)
i don't give a flying fuck about eurotrash and never will
WWII was a waste of American lives and we should not have been involved in that giant boondoggle either
(Score: 2, Disagree) by khallow on Tuesday November 15 2022, @11:53PM (4 children)
We were talking about stuff bad for America, not stuff that you claim to care about. Once again, setting things up for another massive European war is bad for America. That's why the US is involved in Ukraine.
(Score: 1) by HammeredGlass on Wednesday November 16 2022, @07:52PM (3 children)
We're involved with Ukraine because it is a handy money laundering tool for U.S. politicians "Hi FTX".
We're involved with Ukraine because people like John Kerry, Joe Biden, and Nancy Pelosi get their relatives on to Ukrainian gas company boards.
We're involved there because the Israelis always want to stick it to Russia because there is a competing Jewish hegemony in Russia that doesn't align with the petty Zionist concerns.
We're also involved because of all of the bluster about going green by the Eurotrash all the while they buy natural gas from Russia to keep from freezing after they shut down nuclear power plants and they would rather let soldiers die while committing "regime change" so that they can have their own power running things in Russia for their profit.
(Score: 1) by khallow on Thursday November 17 2022, @12:56AM (2 children)
And we're involved because Russia tried to regrow the USSR with no end in sight. All those groups you disparage are vastly better for the US to support. In particular, a Jewish hegemony in Russia would be vastly better than the present fascist government.
(Score: 1) by HammeredGlass on Thursday November 17 2022, @01:23AM (1 child)
" Jewish hegemony in Russia would be vastly better than the present fascist government."
this already exists. they both operate together hand in glove.
(Score: 1) by khallow on Thursday November 17 2022, @04:41AM
(Score: 1) by khallow on Tuesday November 15 2022, @10:31PM (6 children)
Corrupt investments in Ukraine checks the box. And tyrannies that invade innocent neighbors check the box as well.
(Score: 1) by HammeredGlass on Tuesday November 15 2022, @10:37PM (5 children)
i hate warmongers more than any other class of despicable persons
(Score: 1) by khallow on Tuesday November 15 2022, @11:46PM (4 children)
(Score: 1) by HammeredGlass on Wednesday November 16 2022, @07:48PM (3 children)
I despise those foreign powers that try to involve the U.S.
Ukraine involves the U.S., Russia does not.
At least not since we gave Russia a lot of our Uranium.
(Score: 1) by khallow on Thursday November 17 2022, @12:52AM (2 children)
There's that doublethink again. Russia involved a lot of US allies by invading Ukraine, and thus, involved the US. No "try" either.
(Score: 1) by HammeredGlass on Thursday November 17 2022, @01:25AM (1 child)
you're finally getting to the meat of the issue---> Ukraine!
criminal conspirators and imperialist assholes are the reason we give a fuck about Ukraine.
we do not have any legitimate reason to be involved with Ukraine.
stop being obtuse
(Score: 1) by khallow on Thursday November 17 2022, @04:30AM
Unfortunately for your narrative, those "criminal conspirators and imperialist assholes" have Russian names - like Vladimir Putin. I continue to find it interesting how you can go on and on about this while ignoring the lion's share of the problem.
We have more reason than Russia does.
(Score: 4, Insightful) by Gaaark on Monday November 14 2022, @04:52PM (7 children)
Is this not really ANOTHER reason to drop Microsoft's products altogether?
At least to put everything onto linux and have Windoze running in a VM?
Soooo... how's that TCO working for you, Windows users? Lower than switching to linux? That's just for one attack...
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 3, Interesting) by canopic jug on Monday November 14 2022, @05:40PM (6 children)
These ongoing breaches have been caused by the capture of most of the Ukrainian infrastructure by M$ which has shoehorned what it can into the failure labeled Azure. M$ is then able to fake growth for Azure by "donating" so much of its otherwise vacant capacity.
As a side effect, Ukraine's infrastructure is as a result fully permeable by hostile actors at a level never before even imaginable. Even though Ukraine is getting these "services" at a very low financial cost, it is coming at the cost of their systems' integrity and availability. There's your TCO for you. As far as Ukraine is concerned M$ is a very hostile actor in this context. The only benefit would be that the US has complete and thorough oversight of every activity inside Azure. However, that benefit comes at the cost of the Kremlin having a rather easy time of making hostilities on the cyber front.
Money is not free speech. Elections should not be auctions.
(Score: 1, Touché) by Anonymous Coward on Monday November 14 2022, @06:35PM (2 children)
When I google for: Donation of Azure services to Ukraine
I get this recent link, https://www.theregister.com/2022/11/04/microsoft_ukraine_tech_support/ [theregister.com]
But oddly enough, when I search for your subject line, with English mis-spelling and quotes:
"Donatation" of Azure "services" to Ukraine
there are only a few hits and most of them are in Russian.
Can anyone explain that? Not that I expect anyone to understand Google search, but why the misspelled word would trigger Russian language links.
(Score: 0) by Anonymous Coward on Monday November 14 2022, @06:58PM (1 child)
(Score: 0) by Anonymous Coward on Monday November 14 2022, @07:25PM
No, that's not it. My first search (with correct spelling of Donation) also included "Ukraine" and it didn't generate Russian links.
(Score: 0, Troll) by HammeredGlass on Monday November 14 2022, @06:40PM (1 child)
"have been caused by the capture of most of the Ukrainian infrastructure by"
what part of Ukrainian infrastructure hasn't been captured by corrupt western powers?
(Score: 2, Touché) by khallow on Tuesday November 15 2022, @02:49AM
The part that hasn't been invaded by Russia?
(Score: 2) by Sjolfr on Monday November 14 2022, @08:34PM
Ransomware/viruses/spyware/worms/you-name-it ... seems to only exist in M$ environments. Hmmmm .....
(Score: 3, Insightful) by Snotnose on Monday November 14 2022, @09:12PM (3 children)
Russia (and everyone else) attacks Windows because 90% of the computers they care about run it. I suspect that at this point Windows is one of the most secure systems out there today.
What do you think will happen when 90% of the attacks go against Linux systems? I'm guessing a whole lot of them will be effective, because Linux, much as I love it, hasn't had to deal with the onslaught Windows has. Granted, Linux is more secure by design because it came from a world of multiple users on a single machine, whereas Windows didn't even have an admin account until they were forced to.
Of course I'm against DEI. Donald, Eric, and Ivanka.
(Score: 0) by Anonymous Coward on Monday November 14 2022, @11:21PM
Umm you probably need to follow your advice a little. It's not even a Windows vs Linux or Cloud vs Physical DCs debate. Having worked in lots of organizations across different sectors for the last 20+ years, it's how the corporate view IT as a cost and they continue to try to minimize operational costs and continue to get away with doing bare minimum when it comes to cyber security.
(Score: 3, Informative) by Gaaark on Tuesday November 15 2022, @01:47AM
More servers run linux than Windows:
https://w3techs.com/technologies/comparison/os-linux,os-windows [w3techs.com]
Servers are where the data is. Why do they not hack linux servers as much as they do Windows servers? Because Windows servers are easier to hack.
https://soylentnews.org/article.pl?sid=22/11/13/1343217 [soylentnews.org]
THAT didn't happen on linux servers.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 1) by khallow on Tuesday November 15 2022, @05:09AM
A whole lot less drama. There really is a huge difference in how Linux and Windows approach security and it results in a substantially more secure system on the Linux side.
One example of many.
(Score: 4, Interesting) by jb on Tuesday November 15 2022, @02:36AM
There, FTFY.
Think that's going too far? Then think again. These days that bunch of crooks actually ship spyware baked into the operating system itself. In infosec today, if you think of Microsoft as anything other than yet another adversary then you've completely misunderstood the problem...