Who: Russia’s APT44, also known as Sandworm, launched a major cyber assault on Ukrainian critical infrastructure in March, targeting 20 sites, according to Ukraine’s CERT.
What: The attack impacted energy, heating, and water facilities across 10 regions of Ukraine. At least three supply chains were breached, either to deliver compromised software updates or to use third-party credentials to access targeted networks. Two new Linux backdoors, named "Biasboat" and "Loadgrip," were discovered during the investigation.
Impact: The cyberattack, attributed to APT44, aimed to amplify the impact of missile strikes on Ukraine. The malware, including Queueseed and Gossipflow, enabled data exfiltration and secure command-and-control communications. CERT-UA worked to mitigate the attacks, but poor cyber-defensive practices within the targeted organizations, such as inadequate network segmentation and supplier negligence, limited the effectiveness of those efforts.