Russian Hackers Unleash Destructive Wiper Attacks on Ukraine
▼ Summary
– The Russian state-controlled hacking group Sandworm launched destructive cyberattacks against Ukraine as part of the ongoing war.
– In April, Sandworm targeted a Ukrainian university with two wipers named Sting and Zerlot, designed to permanently destroy data and infrastructure.
– The group also attacked Ukrainian critical infrastructure in government, energy, and logistics sectors in June and September, including the less common grain industry.
– Targeting the grain sector is seen as an attempt to weaken Ukraine’s war economy, as grain exports are a major revenue source for the country.
– Russian hackers have used wipers since at least 2012, with the NotPetya worm causing global chaos and tens of billions in damages after initially targeting Ukraine.
A sophisticated and destructive cyber campaign, attributed to the Russian state-controlled hacking unit known as Sandworm, has struck multiple sectors within Ukraine, according to recent findings. These attacks form part of the broader digital offensive accompanying Russia’s military operations. In April, researchers identified two distinct wiper malware strains deployed against a Ukrainian university. Wiper malware is designed to permanently erase critical data and disable the underlying systems, posing a severe threat to institutional operations. One of these, named Sting, was configured to attack Windows-based computers by initiating a scheduled task with a peculiar Russian slang-derived title. The second wiper involved in the incident is identified as Zerlot.
Later, in June and September, the same threat actor released several variants of wipers aimed at vital Ukrainian infrastructure. Sectors including government, energy, and logistics, all frequent targets of Russian cyber operations, were hit. Notably, a less common but strategically significant industry was also attacked: Ukraine’s grain sector. Analysts pointed out that while these four sectors have faced wiper attacks since 2022, the grain industry has not been targeted as often. Given that grain exports represent a major revenue stream for Ukraine, this targeting appears calculated to undermine the nation’s economic stability and wartime resilience.
The use of wipers by Russian hackers is not new; it dates back over a decade. A prominent example is the 2017 NotPetya worm, which initially targeted Ukrainian entities but rapidly spread worldwide. This self-propagating malware inflicted global disruption, paralyzing thousands of organizations for extended periods and leading to financial losses estimated in the tens of billions of dollars. The recurrence of such aggressive cyber tools underscores their continued role in state-sponsored digital assaults.
(Source: Ars Technica)
