#APT44

Latest posts tagged with #APT44 on Bluesky

Poland Thwarts Russian Wiper Malware Attack on Power Plants

📢⚠️🚫 Poland blocks wiper malware attack from Russian #APT44 on power and heating plants, stopping major energy disruption.

hackread.com/poland-thwar...

#Cybersecurity #Malware #Russia #Poland #PowerGrid

Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities

🔐 🖥️ 🌐 🛡️ Russian state-sponsored hackers are moving away from security vulnerabilities and breaking into critical infrastructure through misconfigured devices, warns Amazon Threat Intelligence. ⚠️ 🏭 🔍

Read: hackread.com/amazon-russi...

#CyberSecurity #Russia #Sandworm #APT44 #Amazon


Amazon Exposes GRU Cyber Campaign
Read More: buff.ly/RGjXqzb

#Cybersecurity #ThreatIntel #APT44 #Sandworm #RussiaCyber #CriticalInfrastructure #CloudSecurity #AWS #NationState

Russian Sandworm Hackers Deploy New Data-Wipers Against Ukraine’s Government and Grain Sector

Russian state-backed hacking group Sandworm has intensified its destructive cyber operations in Ukraine, deploying several families of data-wiping malware against organizations in the government, education, logistics, energy, and grain industries. According to a new report by cybersecurity firm ESET, the attacks occurred in June and September and form part of a broader pattern of digital sabotage carried out by Sandworm—also known as APT44—throughout the conflict.

Data wipers differ fundamentally from ransomware, which typically encrypts and steals data for extortion. Wipers are designed solely to destroy information by corrupting files, damaging disk partitions, or deleting master boot records in ways that prevent recovery. The resulting disruption can be severe, especially for critical Ukrainian institutions already strained by wartime pressures. Since Russia’s invasion, Ukraine has faced repeated wiper campaigns attributed to state-aligned actors, including PathWiper, HermeticWiper, CaddyWiper, WhisperGate, and IsaacWiper.

ESET’s report documents advanced persistent threat (APT) activity between April and September 2025 and highlights a notable escalation: targeted attacks against Ukraine’s grain sector. Grain exports remain one of the country’s essential revenue streams, and ESET notes that wiper attacks on this industry reflect an attempt to erode Ukraine’s economic resilience. The company reports that Sandworm deployed multiple variants of wiper malware during both June and September, striking organizations responsible for government operations, energy distribution, logistics networks, and grain production. While each of these sectors has faced previous sabotage attempts, direct attacks on the grain industry remain comparatively rare and underscore a growing focus on undermining Ukraine’s wartime economy.

Earlier, in April 2025, APT44 used two additional wipers—ZeroLot and Sting—against a Ukrainian university. Investigators discovered that Sting was executed through a Windows scheduled task named after the Hungarian dish goulash, a detail that illustrates the group’s use of deceptive operational techniques. ESET also found that initial access in several incidents was achieved by UAC-0099, a separate threat actor active since 2023, which then passed control to Sandworm for wiper deployment. UAC-0099 has consistently focused its intrusions on Ukrainian institutions, suggesting coordinated efforts between threat groups aligned with Russian interests.

Although Sandworm has recently engaged in more espionage-driven operations, ESET concludes that destructive attacks remain a persistent and ongoing part of the group’s strategy. The report further identifies cyber activity linked to Iranian interests, though not attributed to a specific Iranian threat group. These clusters involved the use of Go-based wipers derived from open-source code and targeted Israel’s energy and engineering sectors in June 2025. The tactics, techniques, and procedures align with those typically associated with Iranian state-aligned hackers, indicating a parallel rise in destructive cyber operations across regions affected by geopolitical tensions.

Defending against data-wiping attacks requires a combination of familiar but essential cybersecurity practices. Many of the same measures advised for ransomware—such as maintaining offline, immutable backups—are crucial because wipers aim to permanently destroy data rather than exploit it. Strong endpoint detection systems, modern intrusion prevention technologies, and consistent software patching can help prevent attackers from gaining a foothold in networks.

As Ukraine continues to face sophisticated threats from state-backed actors, resilient cybersecurity defenses are increasingly vital for preserving both operational continuity and national stability.

Russian Sandworm Hackers Deploy New Data-Wipers Against Ukraine’s Government and Grain Sector #APT44 #CyberAttacks #CyberHackers


The latest Weekly Bulletin is live!

Read more: www.cyber.nj.gov/connect/weekly-bulletin/...

#infosec #cyber #security #threatactor #apt44


📰 Sandworm Group Uses Data Wiper Malware to Disrupt Ukraine's Grain Sector

👉 Read the full article here: ahmandonk.com/2025/11/07/sandworm-hack...

#apt44 #cybersecurity #data #wiper #eset #russia #sandworm #sting #uac-0099 #ukraine #zerolot


Alert: Sophisticated cyber attack targets defense personnel using weaponized military docs to deploy SSH-Tor backdoor. Stay vigilant! #CyberSecurity #Defense #SSH #Tor #APT44 Link: thedailytechfeed.com/sophisticate...


The SkyCloak campaign uses phishing and an obfuscated Tor backdoor for persistent access to defense networks in Russia and Belarus; EDR and email filters remain essential.

#APT44 #backdoor #Bielorussia #Russia #sandworm #SkyCloak #Tor
www.matricedigitale.it/2025/11/04/s...

Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group - SOC Prime

Detect Seashell Blizzard also known as APT44 BadPilot campaign focused on stealthy initial infiltration with Sigma rules from SOC Prime Platform.

The russian-backed Seashell Blizzard aka #APT44 or #Sandworm is behind a stealthy “BadPilot” campaign focused on gaining persistent network access. Detect adversary activity targeting critical sectors with #Sigma rules from SOC Prime Platform.
buff.ly/2RQye7O

Original post on securityboulevard.com

Emulating the Sophisticated Russian Adversary Seashell Blizzard AttackIQ has released a new asses […]


Russian Disinformation Unit Report:
Just read about Russia’s #APT44 (aka #Sandworm), the cyber unit behind notorious attacks like #NotPetya. Their evolving tactics highlight the urgent need for robust cybersecurity measures. #CyberSecurity #APT44 #Sandworm

See More Below:

Original post on securityweek.com

How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying Mandi...

www.securityweek.com/how-russian-hackers-are-...

#Malware #& #Threats #Nation-State #APT44 […]

Original post on securityweek.com

Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft A subgro...

www.securityweek.com/russian-seashell-blizzar...

#Nation-State #APT44 #Microsoft […]

Original post on securityweek.com

Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft A subgro...

www.securityweek.com/russian-seashell-blizzar...

#Nation-State #APT44 #Featured […]

Original post on securityweek.com

Russian Seashell Blizzard Hackers Have Access to Critical Infrastructure: Microsoft A subgroup of...

www.securityweek.com/russian-seashell-blizzar...

#Nation-State #APT44 #Featured […]

Sandworm, an Inspiration for Hostile Actors

The latest edition of the Seriously Risky Business cybersecurity newsletter, now on Lawfare.

Sandworm, an Inspiration for Hostile Actors
www.lawfaremedia.org/article/sand...

#Cybersecurity
#Russia
#APT
#APT44

Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility

Researchers from the Google-owned firm conclude that Sandworm personas are linked to several recent attacks on critical infrastructure.

Direct link from the #GRU to Russian hacktivists engaged in #DDoS - also check out the links to #Google and the compilation on #APT44

cyberscoop.com/sandworm-apt... #Mandiant #hackers #cyberkrig #Ryssland #säkpol #föpol
