A new variant of the Industroyer malware, used to great effect against the Ukrainian energy sector by Russia’s Sandworm (also tracked as Voodoo Bear) advanced persistent threat (APT) group in 2016, has been identified by researchers from ESET, working in tandem with Ukraine’s national Computer Emergency Response Team, CERT-UA. Predictably dubbed Industroyer2, it was used in an attempted cyber attack on a Ukraine-based energy company on the evening of Friday 8 April 2022.

The attack used ICS-capable malware and disk wipers against Windows, Linux and Solaris operating systems at the target’s high-voltage electrical substations. The Industroyer2 malware was compiled on 23 March, suggesting the attack had been planned for some time, and according to CERT-UA the initial compromise took place in February.

Sandworm also used a number of other destructive malware families in its attack, including the recently identified CaddyWiper, Orcshred, Soloshred and Awfulshred.

