ID | Votes | Profile Description |
---|---|---|
Sandworm | 6 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
CaddyWiper | 4 | CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malware strains deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip |
BlackEnergy | 4 | BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a |
Industroyer2 | 3 | Industroyer2 is a sophisticated piece of malware designed to target Industrial Control Systems (ICS), developed and deployed by the Russian state-sponsored advanced persistent threat group, Sandworm. The group has been active since 2007 and used Industroyer2 in a significant attack against Ukraine's |
Crashoverride | 2 | CrashOverride, also known as Industroyer, is a notorious malware that was leveraged in 2016 to disrupt Ukraine's power grid at the transmission substation level. This malicious software, believed to be state-sponsored by Russia, manipulated Industrial Control Systems (ICS) equipment through the abus |
Sandworm Team | 2 | The Sandworm Team, a threat actor associated with Russia's military intelligence-linked group, has demonstrated significant capabilities in developing custom malware to target Operational Technology (OT) and Industrial Control Systems (ICSs). Since at least 2015, the team has used the "BlackEnergy" |
Cosmicenergy | 1 | CosmicEnergy is a form of malware allegedly originating from Russia that targets industrial control systems, specifically those associated with electrical grids. Unlike other forms of malware, CosmicEnergy lacks the built-in functionality to autonomously discover and identify target systems within a |
Telebots | 1 | TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize |
Win32/exaramel | 1 | Win32/Exaramel is a type of malware, specifically a backdoor, that can infiltrate systems through suspicious downloads, emails, or websites. Once deployed by a dropper, it can exploit and damage the infected computer or device, potentially stealing personal information or disrupting operations. The |
Pipedream | 1 | Pipedream, a highly sophisticated malware discovered in 2022, has been designed specifically to infiltrate and control Industrial Control Systems (ICS). Unlike previous ICS-specific malware that was limited to particular industrial segments, Pipedream exhibits versatility across various sectors. It |
Lightwork | 1 | Lightwork is a disruptive malware tool written in C++, designed to manipulate the state of Remote Terminal Units (RTUs) over TCP using the IEC-104 protocol. It operates alongside another component called Piehop, both of which are part of a new malware system known as CosmicEnergy. According to cyber |

ID | Type | Votes | Profile Description |
---|---|---|---|
NotPetya | is related to | 4 | NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking |
Stuxnet | Unspecified | 1 | Stuxnet, a notorious malware discovered in 2010, is one of the most infamous Advanced Persistent Threat (APT) attacks in history. This military-grade cyberweapon was co-developed by the United States and Israel to specifically target Iran's nuclear enrichment facility at Natanz. The Stuxnet worm, a |
TRITON | Unspecified | 1 | Triton is a sophisticated malware that has been historically used to target the energy sector. It was notably used in 2017 by the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM) to attack a Middle East petrochemical facility. The malware, also known as Trisis and |
Acidpour | Unspecified | 1 | AcidPour is a newly identified malware that has been specifically designed to target Linux x86 devices. As a wiper, AcidPour's primary function is to erase data from the infected device, leading to significant disruptions in operations and potential loss of valuable information. The malware infiltra |
GreyEnergy | Unspecified | 1 | GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlaps |

ID | Type | Votes | Profile Description |
---|---|---|---|
Caddy Wiper | Unspecified | 1 | None |

ID | Type | Votes | Profile Description |
---|---|---|---|
Industroyer Crashoverride | Unspecified | 1 | None |

Source | CreatedAt | Title |
---|---|---|
DARKReading | 2 months ago | Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File |
DARKReading | 3 months ago | To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware |
DARKReading | 4 months ago | Russian APT Releases More Deadly Variant of AcidRain Wiper Malware |
CERT-EU | 5 months ago | Operational Technology Threats - ReliaQuest |
CERT-EU | 7 months ago | Analysis of OT cyberattacks and malwares |
CERT-EU | 8 months ago | Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack |
CERT-EU | 9 months ago | Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes |
InfoSecurity-magazine | 9 months ago | Russian APT Sandworm Disrupted Power in Ukraine Using OT Techniques |
DARKReading | 9 months ago | Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes |
CERT-EU | 10 months ago | Is Future Escalation in Cyber Conflict a Foregone Conclusion? |
CERT-EU | a year ago | Russian cyber war tactics continue to evolve, says SBU - TechCentral.ie |
DARKReading | a year ago | A Brief History of ICS-Tailored Attacks |
CERT-EU | a year ago | ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine |
CERT-EU | a year ago | TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System |
CERT-EU | a year ago | Can Cyber Insurance Help Legally Codify an International Definition for Cyber War? |
BankInfoSecurity | a year ago | Dutch Critical OT Systems Vulnerable to Hacks |
CERT-EU | a year ago | What is Cyberwar? |
CERT-EU | a year ago | CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored |
CERT-EU | a year ago | COSMICENERGY Malware May be Artifact of Russian Emergency Response Exercises |
CERT-EU | a year ago | CosmicEnergy’s threat to critical infrastructure in dispute |