One in every of the world’s most ruthless and advanced hacking groups, the Russian state-controlled Sandworm, launched a series of destructive cyberattacks within the country’s ongoing war against neighboring Ukraine, researchers reported Thursday.
In April, the group targeted a Ukrainian university with two wipers, a type of malware that goals to permanently destroy sensitive data and infrequently the infrastructure storing it. One wiper, tracked under the name Sting, targeted fleets of Windows computers by scheduling a task named DavaniGulyashaSdeshka, a phrase derived from Russian slang that loosely translates to “eat some goulash,” researchers from ESET said. The opposite wiper is tracked as Zerlot.
A not-so-common goal
Then, in June and September, Sandworm unleashed multiple wiper variants against a bunch of Ukrainian critical infrastructure targets, including organizations lively in government, energy, and logistics. The targets have long been within the crosshairs of Russian hackers. There was, nevertheless, a fourth, less common goal—organizations in Ukraine’s grain industry.
“Although all 4 have previously been documented as targets of wiper attacks in some unspecified time in the future since 2022, the grain sector stands out as a not-so-frequent goal,” ESET said. “Considering that grain export stays certainly one of Ukraine’s most important sources of revenue, such targeting likely reflects an try and weaken the country’s war economy.”
Wipers have been a favourite tool of Russian hackers since at the very least 2012, with the spreading of the NotPetya worm. The self-replicating malware originally targeted Ukraine, but eventually caused international chaos when it spread globally in a matter of hours. The worm resulted in tens of billions of dollars in financial damages after it shut down hundreds of organizations, many for days or even weeks.
