Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group.
The attacks, which the tech giant disclosed last month, involved a previously undocumented malware strain called Prestige and are said to have taken place within an hour of each other across all victims.
The Microsoft Threat Intelligence Center (MSTIC) is now tracking the threat actor under its element-themed moniker Iridium (née DEV-0960), citing overlaps with Sandworm (aka Iron Viking, TeleBots, and Voodoo Bear).
“This attribution assessment is based on forensic artifacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known Iridium activity,” MSTIC said in an update.
The company further assessed that the group orchestrated compromise activity targeting many of the Prestige victims as far back as March 2022, culminating in the deployment of the ransomware on October 11.
The method of initial compromise remains unknown, although it’s suspected that it involved gaining access to highly privileged credentials necessary to activate the killchain.
“The Prestige campaign may highlight a measured shift in Iridium’s destructive attack calculus, signaling increased risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine,” the company said.
The findings come over a month after Recorded Future reported that another activity group with ties to the Sandworm actor (UAC-0113) had singled out Ukrainian users by masquerading as telecom providers in the country to deliver backdoors onto compromised machines.
Microsoft, in its Digital Defense Report published last week, further called out Iridium for its pattern of targeting critical infrastructure and operational technology entities.
“Iridium deployed the Industroyer2 malware in a failed effort to leave millions of people in Ukraine without power,” Redmond said, adding the threat actor used “phishing campaigns to gain initial access to desired accounts and networks in organizations within and outside Ukraine.”
The development also arrives amid sustained ransomware attacks aimed at industrial organizations worldwide during the third quarter of 2022, with Dragos reporting 128 such incidents during the time period compared to 125 in the previous quarter.
“The LockBit ransomware family account for 33% and 35% respectively of the total ransomware incidents that target industrial organizations and infrastructures in the last two quarters, as the groups added new capabilities in their new LockBit 3.0 strain,” the industrial security firm said.
Other prominent strains observed in Q3 2022 include Cl0p, MedusaLocker, Sparta, BianLian, Donuts, Onyx, REvil, and Yanluowang.