Tag

Sandworm

All articles tagged with #sandworm

Coordinated Wiper Attacks Hit 30+ Renewable Farms, Sparking Grid Security Concerns
technology · 1 month ago

CERT Polska disclosed a coordinated, destructive cyber campaign on Dec 29, 2025 that hit more than 30 wind/solar farms and a CHP plant, disrupting substation communications but not stopping electricity or heat delivery. The attackers deployed wipers (DynoWiper, LazyWiper) via compromised Fortinet devices and Active Directory, used multiple accounts with no two-factor authentication, and leveraged Tor/IPs to access energy networks, with several variants and likely LLM involvement; data was also exfiltrated from OT/cloud services. CERT Polska attributes the campaign to Static Tundra, which is tied to Russia's FSB, though some researchers link the activity to Sandworm.

Russia-linked wiper targets Poland’s grid but power stays on
technology · 1 month ago

Poland’s electric grid was targeted by a new wiper malware, allegedly from Russia’s Sandworm group, on the late-December anniversary of a Ukraine grid attack. The payload, dubbed DynoWiper, aimed to disrupt communications between renewables and grid operators but did not cause a blackout. Attribution is at medium confidence and researchers say there’s no evidence of disruption, with several possible reasons the attack failed.

Sandworm Linked to 2025 Poland Power Grid Attack via DynoWiper, Says ESET
technology · 1 month ago

ESET researchers attribute the late-2025 Poland power grid attack to the Russia-aligned Sandworm APT with medium confidence, identifying the data-wiping malware DynoWiper (Win32/KillFiles.NMO). There are no reports of disruption; the incident aligns with Sandworm’s ongoing wiper activity in Ukraine and falls on the 10th anniversary of the 2015 Ukrainian grid attack.

Russia-Linked Wiper Attack on Poland’s Power Grid Foiled
technology · 1 month ago

European security firm ESET says a December attack on Poland’s energy sector used a destructive wiper called DynoWiper with the aim of causing outages; the attack was blocked before any power was cut, though it could have affected up to about 500,000 people. Authorities attribute the operation to Russia’s Sandworm/GRU, marking a notable disruptive cyber threat against Poland’s energy infrastructure and underscoring the risk of wiper campaigns.

cybersecurity · 1 year ago

Russian Military-Linked Hackers Suspected in Texas Water Facility Cyberattack

The Russian intelligence unit Sandworm, known for previous cyberattacks, may be behind a recent water supply hack in Texas, with a group claiming responsibility online. Cybersecurity firm Mandiant found links between the group and Sandworm, suggesting a potential connection to Russia's military spy agency, GRU. U.S. intelligence officials have not confirmed the link, but the close association raises concerns about critical U.S. infrastructure security.

Russian Military-Linked Hackers Sabotage US Water Utilities
cybersecurity · 1 year ago

A group of hackers known as Cyber Army of Russia Reborn, linked to Russia's military intelligence unit Sandworm, has claimed credit for targeting the digital systems of water utilities in the United States, Poland, and France, attempting to sabotage critical infrastructure. The group has posted videos on Telegram showing its manipulation of control systems in these utilities, causing disruptions such as overflowing water tanks in Texas and tampering with a small water mill in France. A new report by cybersecurity firm Mandiant has linked Cyber Army of Russia Reborn to Sandworm, raising concerns about the group's aggressive and dangerous actions, which go beyond previous cyberattacks attributed to Sandworm.

"Russian Cyber Offensive Disrupts Ukrainian Telecom, Signaling Escalation in Cyber Warfare"
cybersecurity · 2 years ago

Russian hackers, believed to be part of the Sandworm group, launched a cyberattack on Kyivstar, Ukraine's largest telecom service provider, wiping thousands of systems and causing significant service disruptions for millions of subscribers. The attack, which was prepared for months, did not affect military communications due to different protocols used by Ukraine's Defense Forces. The Security Service of Ukraine (SSU) has been investigating the incident and confirmed the involvement of the Sandworm group, which has also targeted other Ukrainian telecom operators.

"Ukraine Accuses Russian Hackers of Long-Term Telecom Breach Amidst War Tensions"
cybersecurity · 2 years ago

Ukrainian officials reported that Russian hackers, believed to be part of the Sandworm cyberwarfare unit, infiltrated the network of Ukraine's largest telecom provider, Kyivstar, from at least May 2023, leading to significant service disruptions in December. The cyberattack wiped out critical infrastructure, affecting over 24 million customers and causing widespread communication issues, including in areas affected by the ongoing conflict with Russia. This incident highlights the vulnerability of even large-scale networks to sophisticated cyber espionage and sabotage operations.

"Report Reveals Russian Hackers Infiltrated Ukraine Telecom for Months Before Cyberattack"
cybersecurity · 2 years ago

Russian hackers infiltrated Kyivstar, Ukraine's largest telecom provider, for several months before executing a significant cyberattack in December. The Security Service of Ukraine's cybersecurity chief described the attack as disastrous, with the dual purpose of intelligence gathering and psychological impact. The hacking group Solntsepek claimed responsibility, but Ukrainian officials believe Russia's military intelligence unit Sandworm was behind it, signaling a warning to the Western world about cybersecurity vulnerabilities.

"Russian Cyber Intrusion Persisted for Months in Ukraine Telecom"
cybersecurity · 2 years ago

Ukrainian telecoms giant Kyivstar was the target of a significant cyberattack by Russian hackers, believed to be the military spy unit Sandworm, who had access to the system since at least May 2023. The attack, which coincided with Ukrainian President Zelenskiy's visit to Washington, resulted in the destruction of Kyivstar's "core," affecting services for millions and potentially compromising personal data. Despite the severity, the Ukrainian military's operations were not strongly impacted, and Kyivstar's services have been fully restored. The SBU is still investigating the exact penetration method, while the attack serves as a stark warning to the West about the capabilities and intentions of Russian cyber warfare.

"Russian Cyber Incursion: Months Inside Ukraine's Telecoms Amidst War Tensions"
cybersecurity · 2 years ago

Russian hackers infiltrated the systems of Ukraine's largest telecom operator, Kyivstar, from at least May 2023, causing significant service disruptions for millions of users in December. The Security Service of Ukraine (SBU) believes the group behind the attack is Sandworm, a Russian military intelligence cyber unit. The attack aimed to deliver a psychological blow and gather intelligence, and it caused extensive damage to Kyivstar's infrastructure. Despite the severity, no major impact on Ukraine's military communications was reported, and personal data leaks have not been confirmed. The SBU and Kyivstar are working closely to investigate and prevent future cyber threats.

Russian Military-Linked Hackers Claim Responsibility for Ukrainian Telecom Cyberattack
cybersecurity · 2 years ago

The hacker group Sandworm, linked to Russia's GRU military intelligence agency, has claimed credit for a cyberattack on Kyivstar, one of Ukraine's largest mobile and internet providers. The attack resulted in essential services being blocked and limited access to the company's infrastructure. While the Ukrainian government and cybersecurity experts have not publicly attributed the attack to Sandworm, a group called Solntsepek, believed to be a front for Sandworm, claimed responsibility in a Telegram post. The attack on Kyivstar is seen as one of the most disruptive cyberattacks in Ukraine since Russia's invasion in 2022, with potential implications for intelligence-gathering, military communications, and civilian alerts.

"Russian Hackers Employ LOTL Technique for Power Outage Attacks"
cybersecurity · 2 years ago

Russian state hackers known as Sandworm have adopted living-off-the-land (LOTL) techniques to breach industrial control systems (ICS) more efficiently and with less detectable malware. In a recent attack on a Ukrainian critical infrastructure organization, Sandworm used a native binary to send commands to the SCADA system, resulting in a power outage. The hackers also deployed data-destroying malware to further disrupt the environment. Security researchers believe that Sandworm's shift to LOTL techniques and their ability to recognize new OT threat vectors indicate a growing maturity in Russia's offensive OT arsenal, making them capable of carrying out attacks against OT systems from different vendors.

Russian Hackers Cause Blackout in Ukraine During Missile Strike
cybersecurity · 2 years ago

The Russian hacking group Sandworm, also known as Unit 74455 of Russia's GRU spy agency, has carried out a third successful power grid attack in Ukraine, causing a blackout for an unknown number of civilians. This attack coincided with missile strikes targeting Ukrainian critical infrastructure, making it a combination of digital and physical warfare. The hackers used a "living off the land" approach, exploiting legitimate tools already present on the network to cause the blackout. The incident suggests coordinated cyber and physical attacks, potentially aimed at sowing chaos and complicating defense efforts.

Ukraine Successfully Foils Breach of Military Tablets
cybersecurity · 2 years ago

Ukrainian security services have foiled an attempt by Russian state-controlled hackers, believed to be the Sandworm group, to breach the battlefield management system used by the Ukrainian military. The hackers aimed to gain access to sensitive information related to military operations, equipment, and movements by infecting Android tablets used by the military. The attack involved the use of at least seven new custom malware strains, including info-stealing malware and programs disguised as legitimate software. This is the latest in a series of cyberattacks by Sandworm targeting Ukraine's critical networks.