Mandiant links Russia’s Sandworm hacking group to water infrastructure breaches | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Mandiant today released a report that links Sandworm, a Russian state-backed threat actor, to a series of recent cyberattacks against water utilities.

The Google LLC unit also changed the codename it uses to track the hacking group. Mandiant will refer to Sandstorm as APT44 going forward, with APT being an abbreviation of advanced persistent threat. That’s a term commonly used to describe state-backing hacking groups.

Mandiant believes that APT44 is an arm of Russia’s GRU military intelligence agency. “APT44 has aggressively pursued a multi-pronged effort to help the Russian military gain a wartime advantage and is responsible for nearly all of the disruptive and destructive operations against Ukraine over the past decade,” Mandiant researchers detailed in a blog post that accompanied today’s report.

One focus of the new report is a hacking group known as Cyber Army of Russia Reborn, or CARR. Mandiant researchers have determined that the group is affiliated with APT44. According to Wired, it’s currently unclear whether CARR is simply a cover for APT44 or operates separately.

In January, CARR published videos purporting to show it had breached two Texas towns’ water infrastructure. The clips depict a hacker manipulating a software control interface connected to a set of water utility systems. Officials in Muleshoe, one of the Texas towns impacted by the breach, later confirmed a cyberattack caused a water tank to overflow.

CARR has also targeted utility infrastructure in Europe. In one incident, the hackers appear to have breached a Polish wastewater treatment facility. CARR also claimed to have disrupted energy generation at a hydroelectric dam in France, but local officials later clarified the impacted facility was a small watermill. The mill’s operations weren’t impacted by the breach.

Today’s Mandiant report also links APT44 to a number of hacking campaigns related to Russia’s invasion of Ukraine.

According to the Google unit, APT44 has developed a piece of spyware dubbed Infamous Chisel for Russian troops. The malware is designed to infect Android handsets that Ukraine’s military uses for command-and-control activities. In another operation, APT44 set up a website for exfiltrating data from captured smartphones.

Mandiant has also linked the hacking group to a recent software supply chain attack. According to the Google unit, the operation saw APT44 compromise multiple critical infrastructure networks in Eastern Europe and Central Asia. The hacking group subsequently installed wiper, or data deletion, malware on one of the targeted organization’s systems.

“As Russia’s war continues, we anticipate Ukraine will remain the principal focus of APT44 operations,” Mandiant’s researchers wrote. “However, as history indicates, the group’s readiness to conduct cyber operations in furtherance of the Kremlin’s wider strategic objectives globally is ingrained in its mandate.”

Photo: Unsplash

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy



Click Here For The Original Story From This Source.


National Cyber Security