Russian hacker group Sandworm, also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44, conducted operations to disrupt information and communication systems at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA).
The Breakdown
Sandworm, believed to be associated with Russia's GRU, targeted energy, water, and heating suppliers in 10 regions of Ukraine.
The hackers used several tactics to gain unauthorized access to the targeted networks, including compromising software suppliers (a supply-chain attack) and exploiting vulnerabilities in software the facilities used.
Sandworm combined previously documented malware with new malicious tools to gain access and move laterally within the networks.
The compromised entities had poor cybersecurity practices, such as a lack of network segmentation and insufficient defenses at the software supplier level, which made the breaches easier for the hackers.