NotPetya

Malware updated a month ago (2024-08-14T09:49:05.088Z)
NotPetya is a notorious malware that emerged in 2017, widely attributed to the Russian hacking group APT28, also known as Sandworm. It was primarily an act of cyberwar against Ukraine, delivered through updates to the MeDoc accounting software, a technique known as a supply chain attack. Its impact, however, was felt globally, causing widespread disruption and financial losses estimated at about $10 billion worldwide. NotPetya was particularly destructive because it posed as ransomware but was ultimately designed to erase data rather than hold it hostage.

The NotPetya attack had significant implications for the cybersecurity and insurance industries. In a landmark case, pharmaceutical company Merck resolved a dispute with insurers over a $1.4 billion claim arising from the NotPetya incident in early 2024. This lawsuit, centered around Mondelez's claim to Zurich to cover losses it suffered from the NotPetya attacks, sparked discussions about how cyber insurance should handle incidents of this nature. The ambiguity surrounding coverage for such events became untenable following the rise of ransomware and destructive malware attacks like NotPetya and WannaCry in 2017.

Recent research from Recorded Future's Insikt Group has raised concerns about a potential "mobile NotPetya" event, drawing parallels between the dissemination of malware and the spread of disease. Models from epidemiology predict a similar pattern of spread if a mobile variant of NotPetya were to emerge. These findings underline the continued relevance of the 2017 NotPetya attack and emphasize the need for robust cybersecurity measures to prevent future incidents of a similar magnitude.
Description last updated: 2024-08-14T09:05:19.408Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
--- | --- | ---
Bad Rabbit | 2 | Bad Rabbit is a notorious malware that emerged in October 2017, primarily targeting corporate networks. It operates as ransomware, encrypting the victim's files and disk while offering a means of decryption for a ransom. The malicious software uses fake Adobe Flash installer advertisements to lure v
Telebots | 2 | TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Wiper
Merck
Ukraine
Insurance
Russia
Vulnerability
Exploit
Ukrainian
Worm
Russia’s
Eset
russian
Backdoor
Encryption
Ransom
Payload
Analyst Notes & Discussion
Associated Malware
ID | Type | Votes | Profile Description
--- | --- | --- | ---
WannaCry | Unspecified | 8 | WannaCry is a type of malware, specifically ransomware, that emerged as one of the most significant cybersecurity threats in 2017. It exploited Windows' SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), allowing it to spread across networks and encrypt files,
Industroyer | is related to | 4 | Industroyer, also known as CrashOverride, is a potent malware specifically designed to target Industrial Control Systems (ICS) used in electrical substations. It first gained notoriety for its role in the 2016 cyberattack on Ukraine's power grid, which resulted in a six-hour blackout in Kyiv. The ma
BlackEnergy | is related to | 4 | BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a
Olympic Destroyer | Unspecified | 2 | Olympic Destroyer is a notorious malware that wreaked havoc during the 2018 Winter Olympics in Pyeongchang, South Korea. The malicious software was deployed by Sandworm, a cyber-espionage group believed to be associated with APT28, a Russian cyber threat actor with a long history of high-profile cyb
WhisperGate | Unspecified | 2 | WhisperGate is a destructive malware, first identified by Microsoft in January 2022, that has been used to target Ukrainian organizations including government, non-profit, and IT entities. This malicious software operates as a wiper disguised as ransomware, causing significant damage to computer sys
petya | is related to | 2 | Petya is a type of malware, specifically ransomware, that infected Windows-based systems primarily through phishing emails. It was notorious for its ability to disrupt operations and hold data hostage for ransom. Petya, along with other types of ransomware like WannaCry, NotPetya, TeslaCrypt, and Da
Stuxnet | Unspecified | 2 | Stuxnet, discovered in 2010, is one of the most notorious malware attacks in history, primarily targeting Windows systems, programming logic controllers (PLCs), and supervisory controls and data acquisition (SCADA) systems. The military-grade cyberweapon was co-developed by the United States and Isr
Associated Threat Actors
ID | Type | Votes | Profile Description
--- | --- | --- | ---
Sandworm | Unspecified | 4 | Sandworm is a threat actor group, believed to be linked to Russia, known for executing actions with malicious intent. The group has been involved in numerous high-profile cybersecurity breaches over the years. In one significant incident, Sandworm compromised 11 Ukrainian telecommunications provider
APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, Forest Blizzard, and Unit 26165 of the Russian Main Intelligence Directorate, is a threat actor linked to Russia. Active since at least 2007, this group has targeted governments, militaries, and security organizations worldwide. Notably, APT28 was responsible for the
Seashell Blizzard | Unspecified | 2 | Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the
Associated Vulnerabilities
ID | Type | Votes | Profile Description
--- | --- | --- | ---
Eternalblue | Exploited | 3 | EternalBlue is a software vulnerability, specifically a flaw in the design or implementation of certain versions of Microsoft's Windows operating system. This vulnerability, formally known as CVE-2017-0144, allows malicious actors to execute code on the target server or system without proper authori
Eternalromance | Unspecified | 2 | EternalRomance is a software vulnerability, specifically an exploit for the Server Message Block version 1 (SMBv1) protocol, which was leaked by the group known as the "ShadowBrokers." It affects Windows XP, Windows Server 2003, and Windows Vista systems. This flaw allows attackers to execute arbitr
Source Document References
Information about the NotPetya Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
--- | --- | ---
DARKReading | a month ago | Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware
CERT-EU | 8 months ago | Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages
CERT-EU | 7 months ago | Cyber Insurance Coverage Is Complex For Industrial Companies
CERT-EU | 6 months ago | Emulating the Sabotage-Focused Russian Adversary Sandworm
Recorded Future | 2 months ago | "Mobile NotPetya": Spyware Zero-Click Exploit Development Increases Threat of Wormable Mobile Malware
RIA - Information System Authority | 3 months ago | Head of RIA: last year was proof that securing the digital lifestyle requires investing in the security of information systems
RIA - Information System Authority | 3 months ago | Threat Assessment: Cyber attacks against Ukraine and possible impact in Estonia
DARKReading | 3 months ago | Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals
InfoSecurity-magazine | 4 months ago | New North Korean Hacking Group Identified by Microsoft
InfoSecurity-magazine | 5 months ago | Russia's Sandworm Upgraded to APT44 by Google's Mandiant
Securityaffairs | 5 months ago | Previously unknown Kapeka backdoor linked to Sandworm APT
DARKReading | 5 months ago | Dangerous New ICS Malware Targets Orgs in Russia and Ukraine
BankInfoSecurity | 5 months ago | The Global Menace of the Russian Sandworm Hacking Team
DARKReading | 5 months ago | Sandworm Is Russia's Top Cyberattack Unit in Ukraine
Recorded Future | 5 months ago | "Mobile NotPetya": Spyware Zero-Click Exploit Development Increases Threat of Wormable Mobile Malware
DARKReading | 5 months ago | White House's Call for Memory Safety Brings Challenges, Changes, and Costs
CERT-EU | 6 months ago | Mitigating Lurking Threats in the Software Supply Chain
CERT-EU | 6 months ago | We're Slowly Learning About China's Extensive Hacking Network | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 6 months ago | Hacking at UnitedHealth unit cripples a swath of the US health system: What to know | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 6 months ago | What to know after hacking at UnitedHealth unit cripples part of the US health system | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting