Prestige

Malware updated 23 days ago (2024-11-29T14:10:59.319Z)
Download STIX
Preview STIX
Prestige is a malicious software (malware) that has been linked to several disruptive cyberattacks. In October 2022, the malware was used in ransomware attacks against Ukrainian and Polish logistics companies. These attacks were attributed to Sandworm, an advanced persistent threat (APT) group believed to be Russia-linked. The security firm WithSecure identified overlaps between Prestige ransomware attacks and another malware called Kapeka, which was likely used in intrusions leading to the deployment of Prestige ransomware later that year. Instances of these ransomware attacks coincided with Kapeka's deployment in Poland and Ukraine during the fall of 2022. The implications of these cyberattacks extend beyond immediate disruption. US lawmakers have raised concerns about potential exploitation of autonomous vehicles (AV) and similar technologies by foreign entities as a means of penetrating American infrastructure. This fear is particularly pronounced given China's growing prestige in AV research and technology investment, and the previous ban on Huawei's involvement in 5G tech due to security concerns. In this context, APT73, another threat group, has seemingly tried to bolster its prestige and suggest a level of sophistication beyond simply being financially motivated by giving itself an unofficial APT designation. Despite the challenges posed by malware like Prestige, cybersecurity measures continue to evolve. Companies and governments are investing heavily in technology and research to counter such threats. However, it is crucial for all stakeholders to remain vigilant and proactive in their cybersecurity efforts. The ongoing geopolitical tensions, especially between powerful nations like the US, China, and Russia, underscore the importance of robust cybersecurity strategies and the need to safeguard critical infrastructures from potential cyber threats.
Description last updated: 2024-09-03T16:17:22.640Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Prestige Ransomware is a possible alias for Prestige. In October 2022, a new strain of ransomware known as Prestige was reported by Microsoft. This malware had not been observed by Microsoft prior to its deployment and was found targeting transportation and logistics organizations in Ukraine and Poland. Prestige ransomware infects systems through suspi
5
Sandworm is a possible alias for Prestige. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c
4
Kapeka is a possible alias for Prestige. Kapeka is a previously unknown malware that operates as a backdoor into systems, linked to the Russian Sandworm Advanced Persistent Threat (APT) group. The malicious software can infiltrate a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, i
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ukraine
Microsoft
Malware
Encrypt
Encryption
Apt
Russia
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The GreyEnergy Malware is associated with Prestige. GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlapsUnspecified
2
Source Document References
Information about the Prestige Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
4 months ago
CERT-EU
10 months ago
Securityaffairs
8 months ago
BankInfoSecurity
8 months ago
CERT-EU
9 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
a year ago
Securityaffairs
2 years ago
Securityaffairs
2 years ago
Securityaffairs
2 years ago
Securityaffairs
a year ago
Securityaffairs
a year ago
Pulsedive
a year ago
CERT-EU
a year ago
ESET
2 years ago
CERT-EU
a year ago