MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware (WhisperGate), which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.
There are currently no families associated with this actor.
|2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ |
|2022-02-28 ⋅ Microsoft ⋅ |
Cyber threat activity in Ukraine: analysis and resources
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586
|2022-01-15 ⋅ Microsoft ⋅ |
Destructive malware targeting Ukrainian organizations (DEV-0586)