Sandworm rolls out Industroyer2 malware against Ukraine

A new variant of the Industroyer malware, used to great effect against the Ukrainian energy sector by Russia's Sandworm (also tracked as Voodoo Bear) advanced persistent threat (APT) group in 2016, has been identified by researchers from ESET working in tandem with Ukraine's national Computer Emergency Response Team, CERT-UA. Predictably dubbed Industroyer2, it was used in an attempted cyber attack on a Ukraine-based energy company on the evening of Friday 8 April 2022. The attack combined ICS-capable malware with disk wipers targeting Windows, Linux and Solaris systems at the target's high-voltage electrical substations. The Industroyer2 sample was compiled on 23 March, suggesting the attack had been planned for some time, and according to CERT-UA the initial compromise took place in February. Sandworm also deployed a number of other destructive malware families in the attack, including the recently identified CaddyWiper, Orcshred, Soloshred and Awfulshred.

Full story: Sandworm rolls out Industroyer2 malware against Ukraine.

OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.