Prestige

Malware updated 2 months ago (2024-09-03T16:17:44.561Z)
Prestige is malicious software (malware) that has been linked to several disruptive cyberattacks. In October 2022, the malware was used in ransomware attacks against Ukrainian and Polish logistics companies. These attacks were attributed to Sandworm, an advanced persistent threat (APT) group believed to be Russia-linked. The security firm WithSecure identified overlaps between Prestige ransomware attacks and another malware called Kapeka, which was likely used in intrusions leading to the deployment of Prestige ransomware later that year. Instances of these ransomware attacks coincided with Kapeka's deployment in Poland and Ukraine during the fall of 2022.

The implications of these cyberattacks extend beyond immediate disruption. US lawmakers have raised concerns about potential exploitation of autonomous vehicles (AV) and similar technologies by foreign entities as a means of penetrating American infrastructure. This fear is particularly pronounced given China's growing prestige in AV research and technology investment, and the previous ban on Huawei's involvement in 5G tech due to security concerns. In this context, APT73, another threat group, has seemingly tried to bolster its prestige and suggest a level of sophistication beyond simply being financially motivated by giving itself an unofficial APT designation.

Despite the challenges posed by malware like Prestige, cybersecurity measures continue to evolve. Companies and governments are investing heavily in technology and research to counter such threats. However, it is crucial for all stakeholders to remain vigilant and proactive in their cybersecurity efforts. The ongoing geopolitical tensions, especially between powerful nations like the US, China, and Russia, underscore the importance of robust cybersecurity strategies and the need to safeguard critical infrastructures from potential cyber threats.
Description last updated: 2024-09-03T16:17:22.640Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Prestige Ransomware is a possible alias for Prestige. In October 2022, a new strain of ransomware known as Prestige was reported by Microsoft. This malware had not been observed by Microsoft prior to its deployment and was found targeting transportation and logistics organizations in Ukraine and Poland. Prestige ransomware infects systems through suspi | 5
Sandworm is a possible alias for Prestige. Sandworm, also known as APT44, is a Russia-linked threat actor that has been implicated in several major cyberattacks. This group has been particularly active against targets in Ukraine and Poland, with significant operations including the compromise of 11 Ukrainian telecommunications providers, whi | 4
Kapeka is a possible alias for Prestige. Kapeka is a previously unknown malware that operates as a backdoor into systems, linked to the Russian Sandworm Advanced Persistent Threat (APT) group. The malicious software can infiltrate a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, i | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ukraine
Microsoft
Malware
Encrypt
Encryption
Apt
Russia
Associated Malware
Alias Description | Association Type | Votes
The GreyEnergy Malware is associated with Prestige. GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlaps | Unspecified | 2
Source Document References
Information about the Prestige Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link | Created At
InfoSecurity-magazine | 2 months ago
CERT-EU | 8 months ago
Securityaffairs | 6 months ago
BankInfoSecurity | 6 months ago
CERT-EU | 7 months ago
CERT-EU | 8 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | 2 years ago
CERT-EU | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
Securityaffairs | 2 years ago
Securityaffairs | 2 years ago
Securityaffairs | a year ago
Securityaffairs | a year ago
Pulsedive | a year ago
CERT-EU | a year ago
ESET | 2 years ago
CERT-EU | a year ago