| ID | Votes | Profile Description |
|---|---|---|
| Industroyer | 3 | Industroyer, also known as CrashOverride, is a potent malware specifically designed to target Industrial Control Systems (ICS) used in electrical substations. It first gained notoriety for its role in the 2016 cyberattack on Ukraine's power grid, which resulted in a six-hour blackout in Kyiv. The ma |
| Cosmicenergy | 2 | CosmicEnergy is a form of malware allegedly originating from Russia that targets industrial control systems, specifically those associated with electrical grids. Unlike other forms of malware, CosmicEnergy lacks the built-in functionality to autonomously discover and identify target systems within a |
| Incontroller | 1 | Incontroller is a highly sophisticated malware platform capable of attacking industrial control systems (ICS). It was discovered in early 2022 and is believed to have been developed by a state actor, with the group Chernovite suspected of being behind its creation. The malware, also referred to as P |
| Crashoverride | 1 | CrashOverride, also known as Industroyer, is a notorious malware that was leveraged in 2016 to disrupt Ukraine's power grid at the transmission substation level. This malicious software, believed to be state-sponsored by Russia, manipulated Industrial Control Systems (ICS) equipment through the abus |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CaddyWiper | Unspecified | 4 | CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip |
| HermeticWiper | Unspecified | 2 | HermeticWiper is a destructive malware that was first disclosed by cybersecurity researchers on February 23, 2022. This malicious software was deployed against organizations in Ukraine, with the intent of destroying computer systems and rendering them inoperable. The malware infiltrates systems thro |
| Pipedream | Unspecified | 1 | Pipedream, a highly sophisticated malware discovered in 2022, has been designed specifically to infiltrate and control Industrial Control Systems (ICS). Unlike previous ICS-specific malware that was limited to particular industrial segments, Pipedream exhibits versatility across various sectors. It |
| WhisperGate | Unspecified | 1 | WhisperGate is a type of malware, specifically a wiper, that was used extensively in cyberattacks against Ukrainian organizations throughout 2022. It was one of several malicious software tools deployed by Russian Advanced Persistent Threat (APT) actors, alongside others such as AwfulShred, CaddyWip |
| Nikowiper | Unspecified | 1 | NikoWiper is a malicious software (malware) identified as a new data wiper attributed to Sandworm, a state-backed hacker group linked with Russia's Main Directorate of the General Staff of the Armed Forces (GRU). This malware, unique in its design compared to other strains, was used in an attack on |
| Lightwork | Unspecified | 1 | Lightwork is a disruptive malware tool written in C++, designed to manipulate the state of Remote Terminal Units (RTUs) over TCP using the IEC-104 protocol. It operates alongside another component called Piehop, both of which are part of a new malware system known as CosmicEnergy. According to cyber |
| Isaacwiper | Unspecified | 1 | IsaacWiper is a malicious software (malware) that has been identified as part of a series of cyberattacks against Ukraine in 2022. The malware is known to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside, IsaacWiper can disru |
| Prestige | Unspecified | 1 | Prestige is a type of malware attributed to the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. This malicious software was used in ransomware attacks against Ukrainian and Polish logistics companies in October 2022. The deployment of Prestige coincided with reported instances of ran |
| Trisis | Unspecified | 1 | TRISIS, also known as TRITON, is a particularly dangerous form of malware that targets safety instrumented systems (SIS) of industrial facilities. It was first identified in 2017 when it targeted a petrochemical facility in Saudi Arabia. The malware specifically attacked Triconex SIS controllers, wh |
| Stuxnet | Unspecified | 1 | Stuxnet, a notorious malware discovered in 2010, is one of the most infamous Advanced Persistent Threat (APT) attacks in history. This military-grade cyberweapon was co-developed by the United States and Israel to specifically target Iran's nuclear enrichment facility at Natanz. The Stuxnet worm, a |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sandworm | Unspecified | 4 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| Havex | Unspecified | 1 | Havex, also known as Dragonfly or the Energetic Bear RAT, is a prominent threat actor in the cybersecurity landscape. First spotted in 2013, Havex was part of a broad industrial espionage campaign that specifically targeted Supervisory Control and Data Acquisition (SCADA) and Industrial Control Syst |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sandworm’s Industroyer2 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 3 months ago | Previously unknown Kapeka backdoor linked to Sandworm APT |
| CERT-EU | a year ago | Russian cyber war tactics continue to evolve, says SBU - TechCentral.ie |
| CERT-EU | 7 months ago | Analysis of OT cyberattacks and malwares |
| Securityaffairs | 7 months ago | Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months |
| BankInfoSecurity | 8 months ago | Ukraine Tracks a Record Number of Cyber Incidents During War |
| Securityaffairs | 9 months ago | Russian Sandworm disrupts power in Ukraine with a new OT attack |
| Securityaffairs | 9 months ago | Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers |
| CERT-EU | a year ago | CosmicEnergy’s threat to critical infrastructure in dispute |
| ESET | a year ago | 2022 in review: 10 of the year’s biggest cyberattacks | WeLiveSecurity |
| Securityaffairs | a year ago | Sandworm APT uses WinRAR in destructive attacks on Ukraine |
| DARKReading | a year ago | A Brief History of ICS-Tailored Attacks |
| CSO Online | a year ago | APT groups use ransomware TTPs as cover for intelligence gathering and sabotage |
| ESET | a year ago | A year of wiper attacks in Ukraine | WeLiveSecurity |
| CERT-EU | a year ago | APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc. |
| CERT-EU | a year ago | CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored |
| CERT-EU | a year ago | Britain to double cyber defense funding for Ukraine |
| Securityaffairs | a year ago | Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware |
| Securityaffairs | a year ago | Google TAG warns of Russia-linked APT groups targeting Ukraine |
| Securityaffairs | a year ago | Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal |
| CERT-EU | a year ago | Microsoft Digital Defense Report: Trends In Device and Infrastructure Attacks |