Ukraine blames Sandworm for wiper attack on news agency


Ukraine’s cyber watchdog says hackers linked to the Russian government are likely culprits behind a recent cyberattack on the country’s national news agency Ukrinform.

A preliminary investigation by the Computer Emergency Response Team of Ukraine (CERT-UA) linked the January 17 wiper attack on Ukrinform with Russia’s Main Directorate of the General Staff of the Armed Forces (GRU).

According to CERT-UA, threat actors aimed to disrupt the Ukrainian news agency using the CaddyWiper malware against the organization. First discovered last year, CaddyWiper erases user data and partition information from attached drives.

ADVERTISEMENT

Ukrainian authorities say that the characteristics of the attack point to the Sandworm (UAC-0082) collective. The GRU-related hacker collective has been among the most active in targeting Ukraine since Russia launched the full-scale invasion of the Eastern European country last year.

CERT-UA added that the Russian hacker community bragged about the Ukrinform attack on the Telegram channel “CyberArmyofRussia_Reborn.” However, Kyiv authorities consider the Russian attack a failure.

Yurii Shchyhol, head of the State Special Communications Service of Ukraine (SSSCIP), called the attack yet another attempt to “wipe out the truth” and pointed out that Russia targeted radio and TV transmitting towers with kinetic attacks involving missiles.

“Russians have been trying to cut off Ukrainians from the information on the current situation and the course of the war since the early days of the full-scale invasion. They have shut off Ukrainian TV, the Internet, and mobile communication in the territories, temporarily controlled by the enemy,” Shchyhol said.

Earlier, Shchyhol proposed establishing a “Cyber United Nations” to protect the world from cyberattacks amid the ongoing hostility from Russia. The union would most definitely exclude Russia and its allies, such as Iran, which is believed to be supplying drones to support the Kremlin’s war in Ukraine.

Since the war outbreak, Ukraine has been constantly hit with cyberattacks from Russia. As such, Ukrainian state-owned telecommunications company Ukrtelecom experienced a cyberattack in June, attempting to disrupt Ukraine’s military communications. Similarly, Ukrainian government websites have been hit by distributed denial-of-service (DDoS) attacks.

ADVERTISEMENT