Ukrainian cybersecurity authorities have uncovered a plot by the notorious Sandworm hacking group to launch cyberattacks against nearly 20 critical infrastructure facilities nationwide.
According to CERT-UA, Ukraine’s Computer Emergency Response Team, Sandworm intended to unleash a multi-pronged attack utilizing a combination of malware, known vulnerabilities, and network infiltration techniques.
The group’s arsenal included:
- LOADGRIP and BIASBOAT malware: These malicious programs would have been deployed to infect initial targets within the critical infrastructure facilities’ IT systems.
- QUEUESEED backdoor: This persistent backdoor, active since 2022, would have granted Sandworm remote access and control over compromised systems.
- Exploitation of vendor software vulnerabilities: Sandworm planned to exploit unpatched vulnerabilities in software used by the facilities’ industrial control systems (ICS).
- Lateral movement within networks: After gaining a foothold, the attackers would have employed various techniques to move undetected across the networks, expanding their reach and escalating the attacks.
- Disruption of ICS operations: The ultimate goal was to disrupt or disable critical ICS components, potentially leading to widespread power outages, water supply disruptions, and heating failures.
CERT-UA also discovered additional malicious tools during the investigation. These are open-source tools and include the Weevly webshell; the Regeorg.Neo, Pivotnacci, and Chisel tunnelers; LibProcessHider; JuicyPotatoNG; and RottenPotatoNG.
(Translated via Gemini AI)
Bijay Pokharel