Russian hackers used new malware to target Ukrainian energy sector
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Megan Robinson/Axios
Suspected Russian hackers deployed a new malware wiper against a Ukrainian energy sector company right as Russian armed forces started launching missiles against Ukraine's broader energy infrastructure late last year.
Driving the news: Researchers at Slovakian cyber company ESET found in a report released today that Russian state-sponsored hacking group Sandworm targeted the unnamed company in October with a data-wiping malware.
- ESET researchers have named the new malware strain "NikoWiper," and it's based on SDelete, a Microsoft utility tool used to delete files.
Why it matters: While the Russian "cyber Armageddon" expected during the war in Ukraine hasn't happened, the new finding underscores how Russian military forces and hacking groups continue to share similar goals, the report notes.
Flashback: Russian hackers have routinely tied their malware and phishing attacks to larger, kinetic warfare in the last year.
- For instance, the day before the invasion began, Russia knocked several Ukrainian government websites and banks offline.
The big picture: News of October's seemingly coordinated attack comes amid renewed concerns this week about Russian cyberattacks on Western critical infrastructure.
- Last week, Russian hacktivist group Killnet threatened retaliatory attacks against German organizations after the German government promised to send new tanks to Ukraine.
- Killnet also spent the weekend threatening a longer list of Western organizations in its public Telegram channel — including medical organizations across the U.K., Finland, Norway, Poland, the Netherlands and the U.S.
- Yes, but: It appears Killnet hasn't followed through on any of those threats yet.
Sign up for Axios’ cybersecurity newsletter Codebook here.
