The hacking group Microsoft ID'd is among the world's most cutthroat and skilled
Microsoft on Thursday fingered Russia's military intelligence arm as the likely culprit behind ransomware attacks last month that targeted Polish and Ukrainian transportation and logistics organizations.
If the assessment by members of the Microsoft Security Threat Intelligence Center (MSTIC) is correct, it could be cause for concern for the US government and its European counterparts. Poland is a member of NATO and a staunch supporter of Ukraine in its bid to stave off an unprovoked Russian invasion. The hacking group the software company linked to the cyberattacks—known as Sandworm in wider research circles and Iridium in Redmond, Washington—is one of the world's most talented and destructive and is widely believed to be backed by Russia's GRU military intelligence agency.
Sandworm has been definitively linked to the NotPetya wiper attacks of 2017, a global outbreak that a White House assessment said caused $10 billion in damages, making it the most costly hack in history. Sandworm has also been definitively tied to hacks on Ukraine's power grid that caused widespread outages during the coldest months of 2016 and again in 2017.
Last month, Microsoft said that Poland and Ukraine transportation and logistics organizations had been the target of cyberattacks that used never-before-seen ransomware that announced itself as Prestige. The threat actors, Microsoft said, had already gained control over the victim networks. Then in a single hour on October 11, the hackers deployed Prestige across all its victims.
Once in place, the ransomware traversed all files on the infected computer's system and encrypted the contents of files that ended in .txt, .png, .gpg, and more than 200 other extensions. Prestige then appended the extension .enc to the existing extension of the file. Microsoft attributed the attack to an unknown threat group it dubbed DEV-0960.
On Thursday, Microsoft updated the report to say that based on forensic artifacts and overlaps in victimology, tradecraft, capabilities, and infrastructure, researchers determined DEV-0960 was very likely Iridium.
(Score: 1) by HammeredGlass on Wednesday November 16 2022, @07:48PM (3 children)
I despise those foreign powers that try to involve the U.S.
Ukraine involves the U.S., Russia does not.
At least not since we gave Russia a lot of our Uranium.
(Score: 1) by khallow on Thursday November 17 2022, @12:52AM (2 children)
There's that doublethink again. Russia involved a lot of US allies by invading Ukraine, and thus, involved the US. No "try" either.
(Score: 1) by HammeredGlass on Thursday November 17 2022, @01:25AM (1 child)
you're finally getting to the meat of the issue---> Ukraine!
criminal conspirators and imperialist assholes are the reason we give a fuck about Ukraine.
we do not have any legitimate reason to be involved with Ukraine.
stop being obtuse
(Score: 1) by khallow on Thursday November 17 2022, @04:30AM
Unfortunately for your narrative, those "criminal conspirators and imperialist assholes" have Russian names - like Vladimir Putin. I continue to find it interesting how you can go on and on about this while ignoring the lion's share of the problem.
We have more reason than Russia does.