Prestige

Malware Profile Updated 2 months ago
Prestige is ransomware attributed to the Russia-linked Advanced Persistent Threat (APT) group Sandworm. It was used in attacks against Ukrainian and Polish logistics companies in October 2022, coinciding with reported ransomware incidents in Poland and Ukraine during the fall of 2022; Microsoft attributed these incidents to Sandworm. Security firm WithSecure identified overlaps between another backdoor, dubbed "Kapeka", and the Prestige ransomware attacks, suggesting that Kapeka was likely used in the intrusions that led to the deployment of Prestige.

The Prestige campaign is part of a broader pattern of Sandworm activity: the group has been linked to multiple wipers used in attacks against Ukraine in 2022, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, RansomBoggs, and ZeroWipe. Sandworm's activities have also raised concerns among US lawmakers that autonomous vehicles and similar technology could be exploited as a way to penetrate American infrastructure, particularly in light of earlier bans on Chinese firms such as Huawei from 5G technology on security grounds.

The geopolitical context adds another layer of complexity to these cybersecurity issues. Observers note the camaraderie between Chinese leader Xi Jinping and Russian President Vladimir Putin and their increasingly convergent leadership styles, and there are concerns that any weakening of Putin's power and prestige within Russia could reflect negatively on Xi's own leadership. Meanwhile, North Korea has also been accused of various cyber-attacks and ransomware schemes, further adding to the global tension surrounding cybersecurity.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Prestige Ransomware | 5 | The Prestige ransomware is a type of malware that had not been observed by Microsoft prior to its deployment. It is a malicious software designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once inside a system, it can steal personal
Sandworm | 4 | Sandworm, a threat actor linked to Russia, is known for its malicious cyber activities. These actions have been characterized by significant breaches and disruptions, primarily targeting Ukrainian entities. This group has demonstrated advanced capabilities, including the use of fileless attacks as d
Kapeka | 2 | Kapeka is a previously unknown backdoor malware that has been linked to the Russian Advanced Persistent Threat (APT) group known as Sandworm. This malicious software, discovered in 2022, is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or w
Prestige Ranusomeware | 1 | None
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
Ransomware
Ukraine
Microsoft
Encrypt
Russia
Encryption
Malware
Nuclear
Australian
Payload
Wagner
Chinese
China
Taiwan
Ukrainian
Ransom
Eset
Vulnerability
Cybercrime
Apt
Exploit
Backdoor
Antivirus
Ransomware P...
Associated Malware
ID | Type | Votes | Profile Description
GreyEnergy | Unspecified | 2 | GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlaps
HermeticWiper | Unspecified | 1 | HermeticWiper is a destructive malware that was first disclosed by cybersecurity researchers on February 23, 2022. This malicious software was deployed against organizations in Ukraine, with the intent of destroying computer systems and rendering them inoperable. The malware infiltrates systems thro
Industroyer2 | Unspecified | 1 | Industroyer2 is a sophisticated piece of malware designed to target Industrial Control Systems (ICS), developed and deployed by the Russian state-sponsored advanced persistent threat group, Sandworm. The group has been active since 2007 and used Industroyer2 in a significant attack against Ukraine's
Isaacwiper | Unspecified | 1 | IsaacWiper is a malicious software (malware) that has been identified as part of a series of cyberattacks against Ukraine in 2022. The malware is known to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside, IsaacWiper can disru
WhisperGate | Unspecified | 1 | WhisperGate is a type of malware, specifically a wiper, that was used extensively in cyberattacks against Ukrainian organizations throughout 2022. It was one of several malicious software tools deployed by Russian Advanced Persistent Threat (APT) actors, alongside others such as AwfulShred, CaddyWip
Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to steal data or disrupt operations, often demanding ransom in return for the release of the compromised data. Notable incidents include the LockBit ransomware gang claiming to have stolen and subsequently leaking data f
CaddyWiper | Unspecified | 1 | CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip
Associated Threat Actors
ID | Type | Votes | Profile Description
Seashell Blizzard | Unspecified | 1 | Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Prestige malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 3 months ago | Previously unknown Kapeka backdoor linked to Sandworm APT
BankInfoSecurity | 3 months ago | Likely Sandworm Hackers Using Novel Backdoor 'Kapeka'
CERT-EU | 4 months ago | China protests Taiwan minister's role at Seoul summit backed by US
CERT-EU | 5 months ago | What the Great Tea Race says about today's AI competition
CERT-EU | a year ago | Still hiring: Big Tech layoffs give other sectors an opening
CERT-EU | 10 months ago | Rupert Murdoch | Exit of the patriarch
CERT-EU | a year ago | ‘North Korea-linked’ Hackers Made Off With at Least $630 Million in Crypto, Report Claims
CERT-EU | a year ago | Russian draft dodgers punch transgender card
CERT-EU | a year ago | LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems
Securityaffairs | a year ago | Sandworm APT uses WinRAR in destructive attacks on Ukraine
Securityaffairs | a year ago | Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal
Securityaffairs | a year ago | Google TAG warns of Russia-linked APT groups targeting Ukraine
Securityaffairs | 9 months ago | Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
Securityaffairs | 10 months ago | Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
Pulsedive | 8 months ago | Blog | Analyzing DarkGate Loaders
CERT-EU | 8 months ago | Threats and opportunities: Home Affairs enters its post-Pezzullo era
ESET | a year ago | RansomBoggs: New ransomware targeting Ukraine | WeLiveSecurity
CERT-EU | a year ago | 'Increasingly Sophisticated': Concerns Mount Against Chinese Autonomous Vehicle Firms
CERT-EU | a year ago | Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success
CERT-EU | a year ago | Links 20/07/2023: MySQL 8.1 and WordPress 6.3 Release Candidate 1