aka: Quedagh, VOODOO BEAR, TEMP.Noble, IRON VIKING, G0034, ELECTRUM, TeleBots, IRIDIUM, Blue Echidna, FROZENBARENTS
This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial of service, and data destruction purposes. Some believe that the threat actor is linked to the 2015 compromise of the Ukrainian electrical grid and a distributed denial of service prior to the Russian invasion of Georgia. Believed to be responsible for the 2008 DDoS attacks in Georgia and the 2015 Ukraine power grid outage
2023-04-18 ⋅ Mandiant ⋅ Mandiant @online{mandiant:20230418:mtrends:af1a28e,
author = {Mandiant},
title = {{M-Trends 2023}},
date = {2023-04-18},
organization = {Mandiant},
url = {https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023},
language = {English},
urldate = {2023-04-18}
}
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
2023-03-15 ⋅ Microsoft ⋅ Microsoft Threat Intelligence @techreport{intelligence:20230315:year:01e29b1,
author = {Microsoft Threat Intelligence},
title = {{A year of Russian hybrid warfare in Ukraine}},
date = {2023-03-15},
institution = {Microsoft},
url = {https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/03/A-year-of-Russian-hybrid-warfare-in-Ukraine_MS-Threat-Intelligence-1.pdf},
language = {English},
urldate = {2023-04-25}
}
A year of Russian hybrid warfare in Ukraine CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate |
2023-02-16 ⋅ Google ⋅ Shane Huntley @online{huntley:20230216:fog:de676ba,
author = {Shane Huntley},
title = {{Fog of war: how the Ukraine conflict transformed the cyber threat landscape}},
date = {2023-02-16},
organization = {Google},
url = {https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/},
language = {English},
urldate = {2023-02-16}
}
Fog of war: how the Ukraine conflict transformed the cyber threat landscape APT28 Ghostwriter SaintBear Sandworm Turla |
2023-02-15 ⋅ Google ⋅ Google Threat Analysis Group, Mandiant @techreport{group:20230215:fog:0d99aaa,
author = {Google Threat Analysis Group and Mandiant},
title = {{Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape}},
date = {2023-02-15},
institution = {Google},
url = {https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf},
language = {English},
urldate = {2023-03-13}
}
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla |
2023-01-29 ⋅ Acronis ⋅ Ilan Duhin @online{duhin:20230129:petyanot:23c3555,
author = {Ilan Duhin},
title = {{Petya/Not Petya Ransomware Analysis}},
date = {2023-01-29},
organization = {Acronis},
url = {https://medium.com/@Ilandu/petya-not-petya-ransomware-9619cbbb0786},
language = {English},
urldate = {2023-01-31}
}
Petya/Not Petya Ransomware Analysis EternalPetya |
2023-01-27 ⋅ ESET Research ⋅ ESET Research @online{research:20230127:tweets:ac3dd59,
author = {ESET Research},
title = {{Tweets on SwiftSlicer}},
date = {2023-01-27},
organization = {ESET Research},
url = {https://twitter.com/ESETresearch/status/1618960022150729728},
language = {English},
urldate = {2023-02-03}
}
Tweets on SwiftSlicer SwiftSlicer |
2023-01-27 ⋅ ESET Research ⋅ ESET Research @online{research:20230127:swiftslicer:0877e07,
author = {ESET Research},
title = {{SwiftSlicer: New destructive wiper malware strikes Ukraine}},
date = {2023-01-27},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/},
language = {English},
urldate = {2023-02-03}
}
SwiftSlicer: New destructive wiper malware strikes Ukraine SwiftSlicer |
2022-11-18 ⋅ Atlantic Council ⋅ Justin Sherman @online{sherman:20221118:gru:afc977c,
author = {Justin Sherman},
title = {{GRU 26165: The Russian cyber unit that hacks targets on-site}},
date = {2022-11-18},
organization = {Atlantic Council},
url = {https://www.atlanticcouncil.org/content-series/tech-at-the-leading-edge/the-russian-cyber-unit-that-hacks-targets-on-site/},
language = {English},
urldate = {2022-12-20}
}
GRU 26165: The Russian cyber unit that hacks targets on-site EternalPetya |
2022-10-31 ⋅ The Record ⋅ Alexander Martin @online{martin:20221031:mondelez:a33b8ce,
author = {Alexander Martin},
title = {{Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit}},
date = {2022-10-31},
organization = {The Record},
url = {https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit/},
language = {English},
urldate = {2022-11-03}
}
Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit EternalPetya |
2022-10-24 ⋅ Youtube (Virus Bulletin) ⋅ Alexander Adamov @online{adamov:20221024:russian:97d3e2a,
author = {Alexander Adamov},
title = {{Russian wipers in the cyberwar against Ukraine}},
date = {2022-10-24},
organization = {Youtube (Virus Bulletin)},
url = {https://www.youtube.com/watch?v=mrTdSdMMgnk},
language = {English},
urldate = {2023-03-20}
}
Russian wipers in the cyberwar against Ukraine AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate |
2022-09-23 ⋅ Mandiant ⋅ Mandiant Intelligence @online{intelligence:20220923:gru:511ea47,
author = {Mandiant Intelligence},
title = {{GRU: Rise of the (Telegram) MinIOns}},
date = {2022-09-23},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/blog/gru-rise-telegram-minions},
language = {English},
urldate = {2022-09-26}
}
GRU: Rise of the (Telegram) MinIOns ArguePatch CaddyWiper |
2022-08-18 ⋅ Trustwave ⋅ Pawel Knapczyk @online{knapczyk:20220818:overview:bf3eca2,
author = {Pawel Knapczyk},
title = {{Overview of the Cyber Weapons Used in the Ukraine - Russia War}},
date = {2022-08-18},
organization = {Trustwave},
url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/overview-of-the-cyber-weapons-used-in-the-ukraine-russia-war/},
language = {English},
urldate = {2022-08-28}
}
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
2022-08-18 ⋅ Trustwave ⋅ Pawel Knapczyk @online{knapczyk:20220818:overview:a12950c,
author = {Pawel Knapczyk},
title = {{Overview of the Cyber Weapons Used in the Ukraine - Russia War}},
date = {2022-08-18},
organization = {Trustwave},
url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/overview-of-the-cyber-weapons-used-in-the-ukraine-russia-war},
language = {English},
urldate = {2022-08-22}
}
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
2022-08-12 ⋅ CrowdStrike ⋅ Ioan Iacob, Iulian Madalin Ionita @online{iacob:20220812:anatomy:b13ce32,
author = {Ioan Iacob and Iulian Madalin Ionita},
title = {{The Anatomy of Wiper Malware, Part 1: Common Techniques}},
date = {2022-08-12},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1/},
language = {English},
urldate = {2023-01-19}
}
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
2022-07-26 ⋅ Mandiant ⋅ Thibault van Geluwe de Berlaere, Jay Christiansen, Daniel Kapellmann Zafra, Ken Proska, Keith Lunden @online{berlaere:20220726:mandiant:c1c4498,
author = {Thibault van Geluwe de Berlaere and Jay Christiansen and Daniel Kapellmann Zafra and Ken Proska and Keith Lunden},
title = {{Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers}},
date = {2022-07-26},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/mandiant-red-team-emulates-fin11-tactics},
language = {English},
urldate = {2023-01-19}
}
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers Clop Industroyer MimiKatz Triton |
2022-07-19 ⋅ Google ⋅ Billy Leonard @online{leonard:20220719:continued:2a97da1,
author = {Billy Leonard},
title = {{Continued cyber activity in Eastern Europe observed by TAG}},
date = {2022-07-19},
organization = {Google},
url = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag},
language = {English},
urldate = {2022-08-05}
}
Continued cyber activity in Eastern Europe observed by TAG CyberAzov APT28 Callisto Ghostwriter Sandworm Turla |
2022-06-23 ⋅ splunk ⋅ Splunk Threat Research Team @online{team:20220623:threat:c75f097,
author = {Splunk Threat Research Team},
title = {{Threat Update: Industroyer2}},
date = {2022-06-23},
organization = {splunk},
url = {https://www.splunk.com/en_us/blog/security/threat-update-industroyer2.html},
language = {English},
urldate = {2022-08-22}
}
Threat Update: Industroyer2 INDUSTROYER2 |
2022-05-31 ⋅ NOZOMI Network Labs ⋅ Giannis Tsaraias, Ivan Speziale @techreport{tsaraias:20220531:industroyer:67799a0,
author = {Giannis Tsaraias and Ivan Speziale},
title = {{Industroyer vs. Industroyer2: Evolution of the IEC 104 Component}},
date = {2022-05-31},
institution = {NOZOMI Network Labs},
url = {https://www.nozominetworks.com/downloads/US/Nozomi-Networks-WP-Industroyer2.pdf},
language = {English},
urldate = {2022-09-06}
}
Industroyer vs. Industroyer2: Evolution of the IEC 104 Component INDUSTROYER2 |
2022-05-18 ⋅ ntop ⋅ ntop @online{ntop:20220518:how:b94772c,
author = {ntop},
title = {{How ntopng monitors IEC 60870-5-104 traffic}},
date = {2022-05-18},
organization = {ntop},
url = {https://www.ntop.org/cybersecurity/how-ntopng-monitors-iec-60870-5-104-traffic/},
language = {English},
urldate = {2022-05-25}
}
How ntopng monitors IEC 60870-5-104 traffic INDUSTROYER2 |
2022-05-12 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team @online{team:20220512:threat:c711afc,
author = {The BlackBerry Research & Intelligence Team},
title = {{Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure}},
date = {2022-05-12},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2022/05/threat-thursday-malware-rebooted-how-industroyer2-takes-aim-at-ukraine-infrastructure},
language = {English},
urldate = {2022-05-17}
}
Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure INDUSTROYER2 |
2022-05-09 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20220509:malware:1cdee23,
author = {cocomelonc},
title = {{Malware development: persistence - part 4. Windows services. Simple C++ example.}},
date = {2022-05-09},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/tutorial/2022/05/09/malware-pers-4.html},
language = {English},
urldate = {2022-12-01}
}
Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
2022-05-02 ⋅ AT&T ⋅ Fernando Martinez @online{martinez:20220502:analysis:e5d626b,
author = {Fernando Martinez},
title = {{Analysis on recent wiper attacks: examples and how wiper malware works}},
date = {2022-05-02},
organization = {AT&T},
url = {https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-attacks-examples-and-how-they-wiper-malware-works},
language = {English},
urldate = {2022-05-04}
}
Analysis on recent wiper attacks: examples and how wiper malware works AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper |
2022-04-28 ⋅ Fortinet ⋅ Gergely Revay @online{revay:20220428:overview:0ac963f,
author = {Gergely Revay},
title = {{An Overview of the Increasing Wiper Malware Threat}},
date = {2022-04-28},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/the-increasing-wiper-malware-threat},
language = {English},
urldate = {2022-04-29}
}
An Overview of the Increasing Wiper Malware Threat AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare |
2022-04-27 ⋅ Nozomi Networks ⋅ Nozomi Networks Labs @online{labs:20220427:industroyer2:a037c0d,
author = {Nozomi Networks Labs},
title = {{Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload}},
date = {2022-04-27},
organization = {Nozomi Networks},
url = {https://www.nozominetworks.com/blog/industroyer2-nozomi-networks-labs-analyzes-the-iec-104-payload/},
language = {English},
urldate = {2022-04-29}
}
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload INDUSTROYER2 |
2022-04-27 ⋅ Microsoft ⋅ Microsoft Digital Security Unit (DSU) @online{dsu:20220427:special:f1a2031,
author = {Microsoft Digital Security Unit (DSU)},
title = {{Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine}},
date = {2022-04-27},
organization = {Microsoft},
url = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd},
language = {English},
urldate = {2022-05-03}
}
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate |
2022-04-25 ⋅ Mandiant ⋅ Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker @online{zafra:20220425:industroyerv2:5548d98,
author = {Daniel Kapellmann Zafra and Raymond Leong and Chris Sistrunk and Ken Proska and Corey Hildebrandt and Keith Lunden and Nathan Brubaker},
title = {{INDUSTROYER.V2: Old Malware Learns New Tricks}},
date = {2022-04-25},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks},
language = {English},
urldate = {2022-04-29}
}
INDUSTROYER.V2: Old Malware Learns New Tricks INDUSTROYER2 |
2022-04-25 ⋅ Netresec ⋅ Erik Hjelmvik @online{hjelmvik:20220425:industroyer2:ed9e211,
author = {Erik Hjelmvik},
title = {{Industroyer2 IEC-104 Analysis}},
date = {2022-04-25},
organization = {Netresec},
url = {https://www.netresec.com/?page=Blog&month=2022-04&post=Industroyer2-IEC-104-Analysis},
language = {English},
urldate = {2022-04-29}
}
Industroyer2 IEC-104 Analysis INDUSTROYER2 |
2022-04-23 ⋅ Stranded on Pylos Blog ⋅ Joe Slowik @online{slowik:20220423:industroyer2:c8064df,
author = {Joe Slowik},
title = {{Industroyer2 in Perspective}},
date = {2022-04-23},
organization = {Stranded on Pylos Blog},
url = {https://pylos.co/2022/04/23/industroyer2-in-perspective/},
language = {English},
urldate = {2022-04-25}
}
Industroyer2 in Perspective INDUSTROYER2 |
2022-04-20 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20220420:malware:b20963e,
author = {cocomelonc},
title = {{Malware development: persistence - part 1. Registry run keys. C++ example.}},
date = {2022-04-20},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/tutorial/2022/04/20/malware-pers-1.html},
language = {English},
urldate = {2022-12-01}
}
Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
2022-04-20 ⋅ CISA ⋅ CISA @online{cisa:20220420:alert:529e28c,
author = {CISA},
title = {{Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}},
date = {2022-04-20},
organization = {CISA},
url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-110a},
language = {English},
urldate = {2022-04-25}
}
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
2022-04-20 ⋅ CISA ⋅ CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA) @techreport{cisa:20220420:aa22110a:4fde5d6,
author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and Government Communications Security Bureau and NCSC UK and National Crime Agency (NCA)},
title = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}},
date = {2022-04-20},
institution = {CISA},
url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf},
language = {English},
urldate = {2022-04-25}
}
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
2022-04-14 ⋅ SCADAfence ⋅ Maayan Fishelov @online{fishelov:20220414:industroyer2:31408b6,
author = {Maayan Fishelov},
title = {{Industroyer2: ICS Networks need to heighten vigilance - SCADAfence}},
date = {2022-04-14},
organization = {SCADAfence},
url = {https://blog.scadafence.com/industroyer2-attack},
language = {English},
urldate = {2022-05-25}
}
Industroyer2: ICS Networks need to heighten vigilance - SCADAfence INDUSTROYER2 |
2022-04-12 ⋅ ESET Research ⋅ ESET Research @online{research:20220412:industroyer2:4d6c5f8,
author = {ESET Research},
title = {{Industroyer2: Industroyer reloaded}},
date = {2022-04-12},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/},
language = {English},
urldate = {2022-04-13}
}
Industroyer2: Industroyer reloaded ArguePatch CaddyWiper Industroyer INDUSTROYER2 |
2022-04-12 ⋅ Twitter (@silascutler) ⋅ Silas Cutler @online{cutler:20220412:analysis:561c2a2,
author = {Silas Cutler},
title = {{Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2}},
date = {2022-04-12},
organization = {Twitter (@silascutler)},
url = {https://twitter.com/silascutler/status/1513870210398363651},
language = {English},
urldate = {2022-05-25}
}
Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2 CaddyWiper INDUSTROYER2 |
2022-04-12 ⋅ ESET Research ⋅ ESET Ireland @online{ireland:20220412:industroyer2:aa61be3,
author = {ESET Ireland},
title = {{Industroyer2: Industroyer reloaded}},
date = {2022-04-12},
organization = {ESET Research},
url = {https://blog.eset.ie/2022/04/12/industroyer2-industroyer-reloaded/},
language = {English},
urldate = {2022-05-04}
}
Industroyer2: Industroyer reloaded CaddyWiper INDUSTROYER2 |
2022-04-12 ⋅ Cert-UA ⋅ Cert-UA @online{certua:20220412:cyberattack:5f28c75,
author = {Cert-UA},
title = {{Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)}},
date = {2022-04-12},
organization = {Cert-UA},
url = {https://cert.gov.ua/article/39518},
language = {Ukrainian},
urldate = {2022-05-25}
}
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435) CaddyWiper Industroyer INDUSTROYER2 |
2022-03-01 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20220301:diskkillhermeticwiper:e543742,
author = {Marco Ramilli},
title = {{DiskKill/HermeticWiper and NotPetya (Dis)similarities}},
date = {2022-03-01},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2022/03/01/diskkill-hermeticwiper-and-notpetya-dissimilarities/},
language = {English},
urldate = {2022-03-02}
}
DiskKill/HermeticWiper and NotPetya (Dis)similarities EternalPetya HermeticWiper |
2022-02-28 ⋅ Microsoft ⋅ MSRC Team @online{team:20220228:cyber:69efe8b,
author = {MSRC Team},
title = {{Cyber threat activity in Ukraine: analysis and resources}},
date = {2022-02-28},
organization = {Microsoft},
url = {https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/},
language = {English},
urldate = {2022-07-25}
}
Cyber threat activity in Ukraine: analysis and resources CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586 |
2022-02-25 ⋅ CyberPeace Institute @online{institute:20220225:ukraine:eb66e34,
author = {CyberPeace Institute},
title = {{UKRAINE: Timeline of Cyberattacks}},
date = {2022-02-25},
url = {https://cyberpeaceinstitute.org/ukraine-timeline-of-cyberattacks},
language = {English},
urldate = {2022-03-01}
}
UKRAINE: Timeline of Cyberattacks VPNFilter EternalPetya HermeticWiper WhisperGate |
2022-02-24 ⋅ Talos ⋅ Mitch Neff @online{neff:20220224:threat:93f498c,
author = {Mitch Neff},
title = {{Threat Advisory: Current executive guidance for ongoing cyberattacks in Ukraine}},
date = {2022-02-24},
organization = {Talos},
url = {https://blog.talosintelligence.com/2022/02/current-executive-guidance-for-ongoing.html},
language = {English},
urldate = {2022-03-01}
}
Threat Advisory: Current executive guidance for ongoing cyberattacks in Ukraine VPNFilter EternalPetya |
2022-02-24 ⋅ nviso ⋅ Michel Coene @online{coene:20220224:threat:f0dba09,
author = {Michel Coene},
title = {{Threat Update – Ukraine & Russia conflict}},
date = {2022-02-24},
organization = {nviso},
url = {https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/},
language = {English},
urldate = {2022-03-01}
}
Threat Update – Ukraine & Russia conflict EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate |
2022-02-24 ⋅ Tesorion ⋅ TESORION @techreport{tesorion:20220224:report:e2f2082,
author = {TESORION},
title = {{Report OSINT: Russia/ Ukraine Conflict Cyberaspect}},
date = {2022-02-24},
institution = {Tesorion},
url = {https://www.tesorion.nl/en/resources/pdfstore/Report-OSINT-Russia-Ukraine-Conflict-Cyberaspect.pdf},
language = {English},
urldate = {2022-03-01}
}
Report OSINT: Russia/ Ukraine Conflict Cyberaspect Mirai VPNFilter BlackEnergy EternalPetya HermeticWiper Industroyer WhisperGate |
2022-02-23 ⋅ ISTARI ⋅ Manuel Hepfer @online{hepfer:20220223:recap:48c7c69,
author = {Manuel Hepfer},
title = {{Re-cap: The Untold Story of NotPetya, The Most Devastating Cyberattack in History}},
date = {2022-02-23},
organization = {ISTARI},
url = {https://istari-global.com/spotlight/the-untold-story-of-notpetya/},
language = {English},
urldate = {2022-03-01}
}
Re-cap: The Untold Story of NotPetya, The Most Devastating Cyberattack in History EternalPetya |
2021-09-09 ⋅ Recorded Future ⋅ Insikt Group @techreport{group:20210909:dark:cd6bb6a,
author = {Insikt Group},
title = {{Dark Covenant: Connections Between the Russian State and Criminal Actors}},
date = {2021-09-09},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2021-0909.pdf},
language = {English},
urldate = {2021-09-10}
}
Dark Covenant: Connections Between the Russian State and Criminal Actors BlackEnergy EternalPetya Gameover P2P Zeus |
2021-08-05 ⋅ Symantec ⋅ Threat Hunter Team @techreport{team:20210805:attacks:c2d7348,
author = {Threat Hunter Team},
title = {{Attacks Against Critical Infrastructure: A Global Concern}},
date = {2021-08-05},
institution = {Symantec},
url = {https://symantec.broadcom.com/hubfs/Attacks-Against-Critical_Infrastructrure.pdf},
language = {English},
urldate = {2021-08-06}
}
Attacks Against Critical Infrastructure: A Global Concern BlackEnergy DarkSide DistTrack Stuxnet |
2021-07-27 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team @techreport{team:20210727:old:3060d53,
author = {BlackBerry Research & Intelligence Team},
title = {{Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages}},
date = {2021-07-27},
institution = {Blackberry},
url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-old-dogs-new-tricks.pdf},
language = {English},
urldate = {2021-07-27}
}
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
2021-05-31 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20210531:hacker:8874190,
author = {Andy Greenberg},
title = {{Hacker Lexicon: What Is a Supply Chain Attack?}},
date = {2021-05-31},
organization = {Wired},
url = {https://www.wired.com/story/hacker-lexicon-what-is-a-supply-chain-attack/},
language = {English},
urldate = {2022-10-17}
}
Hacker Lexicon: What Is a Supply Chain Attack? EternalPetya SUNBURST |
2021-04-29 ⋅ The Institute for Security and Technology ⋅ The Institute for Security and Technology @techreport{technology:20210429:combating:0d7c48e,
author = {The Institute for Security and Technology},
title = {{Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force}},
date = {2021-04-29},
institution = {The Institute for Security and Technology},
url = {https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force_Final_Report.pdf},
language = {English},
urldate = {2021-05-03}
}
Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force Conti EternalPetya |
2021-04-29 ⋅ ESET Research ⋅ Robert Lipovsky, Matthieu Faou, Tony Anscombe, Andy Garth, Daniel Chromek @techreport{lipovsky:20210429:eset:ff67b6c,
author = {Robert Lipovsky and Matthieu Faou and Tony Anscombe and Andy Garth and Daniel Chromek},
title = {{ESET Industry Report on Government: Targeted but not alone}},
date = {2021-04-29},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2021/04/ESET_Industry_Report_Government.pdf},
language = {English},
urldate = {2021-05-03}
}
ESET Industry Report on Government: Targeted but not alone Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy |
2021-03-03 ⋅ DomainTools ⋅ Joe Slowik @online{slowik:20210303:centreon:f590f6e,
author = {Joe Slowik},
title = {{Centreon to Exim and Back: On the Trail of Sandworm}},
date = {2021-03-03},
organization = {DomainTools},
url = {https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm},
language = {English},
urldate = {2021-03-06}
}
Centreon to Exim and Back: On the Trail of Sandworm Exaramel PAS |
2021-02-16 ⋅ Twitter (@craiu) ⋅ Costin Raiu @online{raiu:20210216:twitter:97496ec,
author = {Costin Raiu},
title = {{Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm}},
date = {2021-02-16},
organization = {Twitter (@craiu)},
url = {https://twitter.com/craiu/status/1361581668092493824},
language = {English},
urldate = {2021-02-20}
}
Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm Exaramel |
2021-02-15 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20210215:france:b543876,
author = {Andy Greenberg},
title = {{France Ties Russia's Sandworm to a Multiyear Hacking Spree}},
date = {2021-02-15},
organization = {Wired},
url = {https://www.wired.com/story/sandworm-centreon-russia-hack/},
language = {English},
urldate = {2021-02-20}
}
France Ties Russia's Sandworm to a Multiyear Hacking Spree Exaramel Exaramel |
2021-02-11 ⋅ DomainTools ⋅ Joe Slowik @online{slowik:20210211:visibility:5d2f96e,
author = {Joe Slowik},
title = {{Visibility, Monitoring, and Critical Infrastructure Security}},
date = {2021-02-11},
organization = {DomainTools},
url = {https://www.domaintools.com/resources/blog/visibility-monitoring-and-critical-infrastructure-security},
language = {English},
urldate = {2021-02-20}
}
Visibility, Monitoring, and Critical Infrastructure Security Industroyer Stuxnet Triton |
2021-01-27 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20210127:sandword:7f2e586,
author = {CERT-FR},
title = {{Sandword Intrusion Set: Campaign Targeting Centreon Ssystems}},
date = {2021-01-27},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf},
language = {English},
urldate = {2021-03-02}
}
Sandword Intrusion Set: Campaign Targeting Centreon Ssystems Exaramel PAS Exaramel |
2020-12-21 ⋅ IronNet ⋅ Adam Hlavek, Kimberly Ortiz @online{hlavek:20201221:russian:804662f,
author = {Adam Hlavek and Kimberly Ortiz},
title = {{Russian cyber attack campaigns and actors}},
date = {2020-12-21},
organization = {IronNet},
url = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors},
language = {English},
urldate = {2021-01-05}
}
Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
2020-11-12 ⋅ Dragos ⋅ Dragos @techreport{dragos:20201112:cyber:cf5b4fd,
author = {Dragos},
title = {{Cyber Threat Perspective MANUFACTURING SECTOR}},
date = {2020-11-12},
institution = {Dragos},
url = {https://hub.dragos.com/hubfs/Whitepaper-Downloads/Dragos_Manufacturing%20Threat%20Perspective_1120.pdf},
language = {English},
urldate = {2020-11-18}
}
Cyber Threat Perspective MANUFACTURING SECTOR Industroyer Snake |
2020-11-04 ⋅ Stranded on Pylos Blog ⋅ Joe Slowik @online{slowik:20201104:enigmatic:c2d7b4e,
author = {Joe Slowik},
title = {{The Enigmatic Energetic Bear}},
date = {2020-11-04},
organization = {Stranded on Pylos Blog},
url = {https://pylos.co/2020/11/04/the-enigmatic-energetic-bear/},
language = {English},
urldate = {2020-11-06}
}
The Enigmatic Energetic Bear EternalPetya Havex RAT |
2020-10-19 ⋅ UK Government ⋅ ForeignCommonwealth & Development Office, Dominic Raab @online{office:20201019:uk:7ead390,
author = {ForeignCommonwealth & Development Office and Dominic Raab},
title = {{UK exposes series of Russian cyber attacks against Olympic and Paralympic Games}},
date = {2020-10-19},
organization = {UK Government},
url = {https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games},
language = {English},
urldate = {2020-10-23}
}
UK exposes series of Russian cyber attacks against Olympic and Paralympic Games VPNFilter BlackEnergy EternalPetya Industroyer |
2020-10-19 ⋅ Riskint Blog ⋅ Curtis @online{curtis:20201019:revisited:df05745,
author = {Curtis},
title = {{Revisited: Fancy Bear's New Faces...and Sandworms' too}},
date = {2020-10-19},
organization = {Riskint Blog},
url = {https://www.riskint.blog/post/revisited-fancy-bear-s-new-faces-and-sandworms-too},
language = {English},
urldate = {2020-10-23}
}
Revisited: Fancy Bear's New Faces...and Sandworms' too BlackEnergy EternalPetya Industroyer Olympic Destroyer |
2020-10-19 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20201019:us:89aec2c,
author = {Andy Greenberg},
title = {{US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit}},
date = {2020-10-19},
organization = {Wired},
url = {https://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/},
language = {English},
urldate = {2020-10-19}
}
US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit EternalPetya Olympic Destroyer |
2020-10-19 ⋅ CyberScoop ⋅ Tim Starks @online{starks:20201019:us:d77b8f8,
author = {Tim Starks},
title = {{US charges Russian GRU officers for NotPetya, other major hacks}},
date = {2020-10-19},
organization = {CyberScoop},
url = {https://www.cyberscoop.com/russian-hackers-notpetya-charges-gru/},
language = {English},
urldate = {2020-10-19}
}
US charges Russian GRU officers for NotPetya, other major hacks EternalPetya |
2020-08-29 ⋅ Aguinet ⋅ Adrien Guinet @online{guinet:20200829:emulating:45c0c16,
author = {Adrien Guinet},
title = {{Emulating NotPetya bootloader with Miasm}},
date = {2020-08-29},
organization = {Aguinet},
url = {https://aguinet.github.io//blog/2020/08/29/miasm-bootloader.html},
language = {English},
urldate = {2020-09-04}
}
Emulating NotPetya bootloader with Miasm EternalPetya |
2020-07-29 ⋅ Atlantic Council ⋅ Trey Herr, June Lee, William Loomis, Stewart Scott @techreport{herr:20200729:breaking:d37db04,
author = {Trey Herr and June Lee and William Loomis and Stewart Scott},
title = {{BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain}},
date = {2020-07-29},
institution = {Atlantic Council},
url = {https://www.atlanticcouncil.org/wp-content/uploads/2020/07/Breaking-trust-Shades-of-crisis-across-an-insecure-software-supply-chain.pdf},
language = {English},
urldate = {2020-08-05}
}
BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain EternalPetya GoldenSpy Kwampirs Stuxnet |
2020-07-29 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20200729:trends:6810325,
author = {GReAT},
title = {{APT trends report Q2 2020}},
date = {2020-07-29},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2020/97937/},
language = {English},
urldate = {2020-07-30}
}
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
2020-06-21 ⋅ GVNSHTN ⋅ Gavin Ashton @online{ashton:20200621:maersk:5121522,
author = {Gavin Ashton},
title = {{Maersk, me & notPetya}},
date = {2020-06-21},
organization = {GVNSHTN},
url = {https://gvnshtn.com/maersk-me-notpetya/},
language = {English},
urldate = {2020-08-18}
}
Maersk, me & notPetya EternalPetya |
2020-06-09 ⋅ Kaspersky Labs ⋅ Costin Raiu @online{raiu:20200609:looking:3038dce,
author = {Costin Raiu},
title = {{Looking at Big Threats Using Code Similarity. Part 1}},
date = {2020-06-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/big-threats-using-code-similarity-part-1/97239/},
language = {English},
urldate = {2020-08-18}
}
Looking at Big Threats Using Code Similarity. Part 1 Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel |
2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan @online{zarslan:20200521:t1055:4400f98,
author = {Süleyman Özarslan},
title = {{T1055 Process Injection}},
date = {2020-05-21},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection},
language = {English},
urldate = {2020-06-03}
}
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-03-05 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team @online{team:20200305:humanoperated:d90a28e,
author = {Microsoft Threat Protection Intelligence Team},
title = {{Human-operated ransomware attacks: A preventable disaster}},
date = {2020-03-05},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/},
language = {English},
urldate = {2020-03-06}
}
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
2020-01-31 ⋅ Virus Bulletin ⋅ Michal PosluÅ¡ný, Peter Kálnai @online{poslun:20200131:rich:c25f156,
author = {Michal Poslušný and Peter Kálnai},
title = {{Rich Headers: leveraging this mysterious artifact of the PE format}},
date = {2020-01-31},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/},
language = {English},
urldate = {2020-02-03}
}
Rich Headers: leveraging this mysterious artifact of the PE format Dridex Exaramel Industroyer Neutrino RCS Sathurbot |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:iron:3c939bc,
author = {SecureWorks},
title = {{IRON VIKING}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/iron-viking},
language = {English},
urldate = {2020-05-23}
}
IRON VIKING BlackEnergy EternalPetya GreyEnergy Industroyer KillDisk TeleBot TeleDoor |
2020-01 ⋅ Dragos ⋅ Joe Slowik @techreport{slowik:202001:threat:d891011,
author = {Joe Slowik},
title = {{Threat Intelligence and the Limits of Malware Analysis}},
date = {2020-01},
institution = {Dragos},
url = {https://pylos.co/wp-content/uploads/2020/02/Threat-Intelligence-and-the-Limits-of-Malware-Analysis.pdf},
language = {English},
urldate = {2020-06-10}
}
Threat Intelligence and the Limits of Malware Analysis Exaramel Exaramel Industroyer Lookback NjRAT PlugX |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
2019-05-08 ⋅ Verizon Communications Inc. ⋅ Verizon Communications Inc. @techreport{inc:20190508:2019:3c20a3b,
author = {Verizon Communications Inc.},
title = {{2019 Data Breach Investigations Report}},
date = {2019-05-08},
institution = {Verizon Communications Inc.},
url = {https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf},
language = {English},
urldate = {2020-05-10}
}
2019 Data Breach Investigations Report BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam |
2019-02-12 ⋅ Nozomi Networks ⋅ Alessandro Di Pinto @online{pinto:20190212:greyenergy:1acfcdf,
author = {Alessandro Di Pinto},
title = {{GreyEnergy Malware Research Paper: Maldoc to Backdoor}},
date = {2019-02-12},
organization = {Nozomi Networks},
url = {https://www.nozominetworks.com/2019/02/12/blog/greyenergy-malware-research-paper-maldoc-to-backdoor/},
language = {English},
urldate = {2020-01-10}
}
GreyEnergy Malware Research Paper: Maldoc to Backdoor GreyEnergy |
2019-01-25 ⋅ Github (NozomiNetworks) ⋅ NozomiNetworks @online{nozominetworks:20190125:toolkit:c87f77f,
author = {NozomiNetworks},
title = {{Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples.}},
date = {2019-01-25},
organization = {Github (NozomiNetworks)},
url = {https://github.com/NozomiNetworks/greyenergy-unpacker},
language = {English},
urldate = {2020-01-09}
}
Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples. GreyEnergy |
2019-01-24 ⋅ Kaspersky Labs ⋅ Kaspersky Lab ICS CERT @online{cert:20190124:greyenergys:523e803,
author = {Kaspersky Lab ICS CERT},
title = {{GreyEnergy’s overlap with Zebrocy}},
date = {2019-01-24},
organization = {Kaspersky Labs},
url = {https://securelist.com/greyenergys-overlap-with-zebrocy/89506/},
language = {English},
urldate = {2019-12-20}
}
GreyEnergy’s overlap with Zebrocy GreyEnergy Zebrocy |
2019-01-18 ⋅ Mark Edmondson @online{edmondson:20190118:black:e66dcec,
author = {Mark Edmondson},
title = {{BLACK ENERGY – Analysis}},
date = {2019-01-18},
url = {https://marcusedmondson.com/2019/01/18/black-energy-analysis/},
language = {English},
urldate = {2020-01-08}
}
BLACK ENERGY – Analysis BlackEnergy |
2019 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:2019:sandworm:2c635f5,
author = {MITRE ATT&CK},
title = {{Group description: Sandworm Team}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0034/},
language = {English},
urldate = {2019-12-20}
}
Group description: Sandworm Team Sandworm |
2019 ⋅ Dragos ⋅ Dragos @online{dragos:2019:adversary:0237a20,
author = {Dragos},
title = {{Adversary Reports}},
date = {2019},
organization = {Dragos},
url = {https://dragos.com/adversaries.html},
language = {English},
urldate = {2020-01-10}
}
Adversary Reports ALLANITE APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:black:cea08bf,
author = {Cyber Operations Tracker},
title = {{Black Energy}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/black-energy},
language = {English},
urldate = {2019-12-20}
}
Black Energy Sandworm |
2018-10-18 ⋅ ESET Research ⋅ Anton Cherepanov @techreport{cherepanov:20181018:greyenergy:9885d0c,
author = {Anton Cherepanov},
title = {{GREYENERGY: A successor to BlackEnergy}},
date = {2018-10-18},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf},
language = {English},
urldate = {2020-01-09}
}
GREYENERGY: A successor to BlackEnergy Felixroot GreyEnergy |
2018-10-17 ⋅ ESET Research ⋅ Anton Cherepanov, Robert Lipovsky @online{cherepanov:20181017:eset:c34687b,
author = {Anton Cherepanov and Robert Lipovsky},
title = {{ESET unmasks ‘GREYENERGY’ cyber-espionage group}},
date = {2018-10-17},
organization = {ESET Research},
url = {https://www.eset.com/int/greyenergy-exposed/},
language = {English},
urldate = {2020-01-13}
}
ESET unmasks ‘GREYENERGY’ cyber-espionage group GreyEnergy GreyEnergy |
2018-10-11 ⋅ ESET Research ⋅ Anton Cherepanov, Robert Lipovsky @online{cherepanov:20181011:new:8e588c3,
author = {Anton Cherepanov and Robert Lipovsky},
title = {{New TeleBots backdoor: First evidence linking Industroyer to NotPetya}},
date = {2018-10-11},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/},
language = {English},
urldate = {2019-11-14}
}
New TeleBots backdoor: First evidence linking Industroyer to NotPetya Exaramel EternalPetya Exaramel Industroyer |
2018-08-22 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20180822:untold:9dcac56,
author = {Andy Greenberg},
title = {{The Untold Story of NotPetya, the Most Devastating Cyberattack in History}},
date = {2018-08-22},
organization = {Wired},
url = {https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/},
language = {English},
urldate = {2022-07-29}
}
The Untold Story of NotPetya, the Most Devastating Cyberattack in History EternalPetya |
2018-03-01 ⋅ Dragos ⋅ Dragos @techreport{dragos:20180301:industrial:6e4e898,
author = {Dragos},
title = {{INDUSTRIAL CONTROL SYSTEM THREATS}},
date = {2018-03-01},
institution = {Dragos},
url = {https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf},
language = {English},
urldate = {2020-01-08}
}
INDUSTRIAL CONTROL SYSTEM THREATS APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
2018-01-13 ⋅ The Washington Post ⋅ Ellen Nakashima @online{nakashima:20180113:russian:fce58a2,
author = {Ellen Nakashima},
title = {{Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes}},
date = {2018-01-13},
organization = {The Washington Post},
url = {https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html},
language = {English},
urldate = {2020-01-06}
}
Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes EternalPetya |
2017-10-27 ⋅ F-Secure ⋅ F-Secure Global @online{global:20171027:big:916374a,
author = {F-Secure Global},
title = {{The big difference with Bad Rabbit}},
date = {2017-10-27},
organization = {F-Secure},
url = {https://labsblog.f-secure.com/2017/10/27/the-big-difference-with-bad-rabbit/},
language = {English},
urldate = {2020-01-07}
}
The big difference with Bad Rabbit EternalPetya |
2017-10-26 ⋅ Reversing Labs ⋅ None @online{none:20171026:reversinglabs:d3543db,
author = {None},
title = {{ReversingLabs' YARA rule detects BadRabbit encryption routine specifics}},
date = {2017-10-26},
organization = {Reversing Labs},
url = {https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-badrabbit-encryption-routine-specifics.html},
language = {English},
urldate = {2019-10-17}
}
ReversingLabs' YARA rule detects BadRabbit encryption routine specifics EternalPetya |
2017-10-26 ⋅ FireEye ⋅ Barry Vengerik, Ben Read, Brian Mordosky, Christopher Glyer, Ian Ahl, Matt Williams, Michael Matonis, Nick Carr @online{vengerik:20171026:backswing:3aab9cf,
author = {Barry Vengerik and Ben Read and Brian Mordosky and Christopher Glyer and Ian Ahl and Matt Williams and Michael Matonis and Nick Carr},
title = {{BACKSWING - Pulling a BADRABBIT Out of a Hat}},
date = {2017-10-26},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2017/10/backswing-pulling-a-badrabbit-out-of-a-hat.html},
language = {English},
urldate = {2019-12-20}
}
BACKSWING - Pulling a BADRABBIT Out of a Hat EternalPetya |
2017-10-25 ⋅ RiskIQ ⋅ Yonathan Klijnsma @online{klijnsma:20171025:down:8d41ef5,
author = {Yonathan Klijnsma},
title = {{Down the Rabbit Hole: Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection}},
date = {2017-10-25},
organization = {RiskIQ},
url = {https://www.riskiq.com/blog/labs/badrabbit/},
language = {English},
urldate = {2020-01-10}
}
Down the Rabbit Hole: Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection EternalPetya |
2017-10-24 ⋅ ESET Research ⋅ Editor @online{editor:20171024:kiev:b706a68,
author = {Editor},
title = {{Kiev metro hit with a new variant of the infamous Diskcoder ransomware}},
date = {2017-10-24},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/?utm_content=buffer8ffe4&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer},
language = {English},
urldate = {2019-11-14}
}
Kiev metro hit with a new variant of the infamous Diskcoder ransomware EternalPetya |
2017-10-24 ⋅ Intezer ⋅ Jay Rosenberg @online{rosenberg:20171024:notpetya:7146657,
author = {Jay Rosenberg},
title = {{NotPetya Returns as Bad Rabbit}},
date = {2017-10-24},
organization = {Intezer},
url = {http://www.intezer.com/notpetya-returns-bad-rabbit/},
language = {English},
urldate = {2020-01-05}
}
NotPetya Returns as Bad Rabbit EternalPetya |
2017-10-24 ⋅ Kaspersky Labs ⋅ Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov @online{mamedov:20171024:bad:3c21717,
author = {Orkhan Mamedov and Fedor Sinitsyn and Anton Ivanov},
title = {{Bad Rabbit ransomware}},
date = {2017-10-24},
organization = {Kaspersky Labs},
url = {https://securelist.com/bad-rabbit-ransomware/82851/},
language = {English},
urldate = {2019-12-20}
}
Bad Rabbit ransomware EternalPetya |
2017-10-24 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20171024:new:5359735,
author = {Andy Greenberg},
title = {{New Ransomware Linked to NotPetya Sweeps Russia and Ukraine}},
date = {2017-10-24},
organization = {Wired},
url = {https://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/},
language = {English},
urldate = {2020-01-06}
}
New Ransomware Linked to NotPetya Sweeps Russia and Ukraine EternalPetya |
2017-10-24 ⋅ Cisco Talos ⋅ Nick Biasini @online{biasini:20171024:threat:7bd8515,
author = {Nick Biasini},
title = {{Threat Spotlight: Follow the Bad Rabbit}},
date = {2017-10-24},
organization = {Cisco Talos},
url = {http://blog.talosintelligence.com/2017/10/bad-rabbit.html},
language = {English},
urldate = {2019-12-10}
}
Threat Spotlight: Follow the Bad Rabbit EternalPetya |
2017-10-24 ⋅ ESET Research ⋅ Marc-Etienne M.Léveillé @online{mlveill:20171024:bad:5653a57,
author = {Marc-Etienne M.Léveillé},
title = {{Bad Rabbit: Not‑Petya is back with improved ransomware}},
date = {2017-10-24},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/},
language = {English},
urldate = {2019-07-11}
}
Bad Rabbit: Not‑Petya is back with improved ransomware EternalPetya |
2017-10-05 ⋅ Virus Bulletin ⋅ Anton Cherepanov, Robert Lipovsky @online{cherepanov:20171005:industroyer:4406e62,
author = {Anton Cherepanov and Robert Lipovsky},
title = {{Industroyer: Biggest threat to industrial control systems since Stuxnet}},
date = {2017-10-05},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/conference/vb2017/abstracts/last-minute-paper-industroyer-biggest-threat-industrial-control-systems-stuxnet/},
language = {English},
urldate = {2020-01-09}
}
Industroyer: Biggest threat to industrial control systems since Stuxnet Industroyer |
2017-09-19 ⋅ NCC Group ⋅ Ollie Whitehouse @online{whitehouse:20170919:eternalglue:c4348e0,
author = {Ollie Whitehouse},
title = {{EternalGlue part one: Rebuilding NotPetya to assess real-world resilience}},
date = {2017-09-19},
organization = {NCC Group},
url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/eternalglue-part-one-rebuilding-notpetya-to-assess-real-world-resilience/},
language = {English},
urldate = {2019-12-10}
}
EternalGlue part one: Rebuilding NotPetya to assess real-world resilience EternalPetya |
2017-09-18 ⋅ ThreatConnect ⋅ Paul Vann @online{vann:20170918:casting:87b63a9,
author = {Paul Vann},
title = {{Casting a Light on BlackEnergy}},
date = {2017-09-18},
organization = {ThreatConnect},
url = {https://threatconnect.com/blog/casting-a-light-on-blackenergy/},
language = {English},
urldate = {2020-01-13}
}
Casting a Light on BlackEnergy BlackEnergy |
2017-08-24 ⋅ ESET Research ⋅ Marc-Etienne M.Léveillé @online{mlveill:20170824:bad:78b7a5e,
author = {Marc-Etienne M.Léveillé},
title = {{Bad Rabbit: Not‑Petya is back with improved ransomware}},
date = {2017-08-24},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back},
language = {English},
urldate = {2022-08-25}
}
Bad Rabbit: Not‑Petya is back with improved ransomware EternalPetya Sandworm |
2017-08-11 ⋅ Threatpost ⋅ Tom Spring @online{spring:20170811:ukrainian:eb4451f,
author = {Tom Spring},
title = {{Ukrainian Man Arrested, Charged in NotPetya Distribution}},
date = {2017-08-11},
organization = {Threatpost},
url = {https://threatpost.com/ukrainian-man-arrested-charged-in-notpetya-distribution/127391/},
language = {English},
urldate = {2020-01-05}
}
Ukrainian Man Arrested, Charged in NotPetya Distribution EternalPetya |
2017-07-14 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170714:keeping:0759a8b,
author = {Malwarebytes Labs},
title = {{Keeping up with the Petyas: Demystifying the malware family}},
date = {2017-07-14},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/cybercrime/2017/07/keeping-up-with-the-petyas-demystifying-the-malware-family/},
language = {English},
urldate = {2019-12-20}
}
Keeping up with the Petyas: Demystifying the malware family EternalPetya GoldenEye PetrWrap Petya |
2017-07-05 ⋅ Cisco Talos ⋅ David Maynor, Aleksandar Nikolic, Matt Olney, Yves Younan @online{maynor:20170705:medoc:58bcc4a,
author = {David Maynor and Aleksandar Nikolic and Matt Olney and Yves Younan},
title = {{The MeDoc Connection}},
date = {2017-07-05},
organization = {Cisco Talos},
url = {http://blog.talosintelligence.com/2017/07/the-medoc-connection.html},
language = {English},
urldate = {2020-01-13}
}
The MeDoc Connection TeleDoor |
2017-07-04 ⋅ Wikipedia ⋅ Various @online{various:20170704:industroyer:54eba4d,
author = {Various},
title = {{Industroyer}},
date = {2017-07-04},
organization = {Wikipedia},
url = {https://en.wikipedia.org/wiki/Industroyer},
language = {English},
urldate = {2020-01-08}
}
Industroyer Industroyer |
2017-07-04 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20170704:analysis:37c48b2,
author = {Anton Cherepanov},
title = {{Analysis of TeleBots’ cunning backdoor}},
date = {2017-07-04},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/},
language = {English},
urldate = {2019-11-14}
}
Analysis of TeleBots’ cunning backdoor TeleDoor |
2017-07-03 ⋅ CrowdStrike ⋅ Shaun Hurley, Karan Sood @online{hurley:20170703:notpetya:1453645,
author = {Shaun Hurley and Karan Sood},
title = {{NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery}},
date = {2017-07-03},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/petrwrap-technical-analysis-part-2-further-findings-and-potential-for-mbr-recovery/},
language = {English},
urldate = {2019-12-20}
}
NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery EternalPetya |
2017-07-03 ⋅ The Guardian ⋅ Alex Hern @online{hern:20170703:notpetya:ba6bc6c,
author = {Alex Hern},
title = {{'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher}},
date = {2017-07-03},
organization = {The Guardian},
url = {https://www.theguardian.com/technology/2017/jul/03/notpetya-malware-attacks-ukraine-warrant-retaliation-nato-researcher-tomas-minarik},
language = {English},
urldate = {2019-07-11}
}
'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher EternalPetya |
2017-07-03 ⋅ G Data ⋅ G Data @online{data:20170703:who:7b53706,
author = {G Data},
title = {{Who is behind Petna?}},
date = {2017-07-03},
organization = {G Data},
url = {https://www.gdatasoftware.com/blog/2017/07/29859-who-is-behind-petna},
language = {English},
urldate = {2020-01-08}
}
Who is behind Petna? EternalPetya |
2017-07-03 ⋅ ESET Research ⋅ Anton Cherepanov, Robert Lipovsky @techreport{cherepanov:20170703:blackenergy:2403feb,
author = {Anton Cherepanov and Robert Lipovsky},
title = {{BlackEnergy – what we really know about the notorious cyber attacks}},
date = {2017-07-03},
institution = {ESET Research},
url = {https://www.virusbulletin.com/uploads/pdf/magazine/2016/VB2016-Cherepanov-Lipovsky.pdf},
language = {English},
urldate = {2019-10-14}
}
BlackEnergy – what we really know about the notorious cyber attacks BlackEnergy |
2017-06-30 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170630:eternalpetya:122fb36,
author = {Malwarebytes Labs},
title = {{EternalPetya – yet another stolen piece in the package?}},
date = {2017-06-30},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/06/eternalpetya-yet-another-stolen-piece-package/},
language = {English},
urldate = {2019-12-20}
}
EternalPetya – yet another stolen piece in the package? EternalPetya |
2017-06-30 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20170630:telebots:84aa93d,
author = {Anton Cherepanov},
title = {{TeleBots are back: Supply‑chain attacks against Ukraine}},
date = {2017-06-30},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/},
language = {English},
urldate = {2019-12-20}
}
TeleBots are back: Supply‑chain attacks against Ukraine EternalPetya |
2017-06-30 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20170630:telebots:7991503,
author = {Anton Cherepanov},
title = {{TeleBots are back: Supply‑chain attacks against Ukraine}},
date = {2017-06-30},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine},
language = {English},
urldate = {2022-08-25}
}
TeleBots are back: Supply‑chain attacks against Ukraine TeleBot Sandworm |
2017-06-30 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20170630:from:d91b457,
author = {GReAT},
title = {{From BlackEnergy to ExPetr}},
date = {2017-06-30},
organization = {Kaspersky Labs},
url = {https://securelist.com/from-blackenergy-to-expetr/78937/},
language = {English},
urldate = {2019-12-20}
}
From BlackEnergy to ExPetr EternalPetya |
2017-06-29 ⋅ Bleeping Computer ⋅ Catalin Cimpanu @online{cimpanu:20170629:ransomware:d2d7b40,
author = {Catalin Cimpanu},
title = {{Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone}},
date = {2017-06-29},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ransomware-attacks-continue-in-ukraine-with-mysterious-wannacry-clone/},
language = {English},
urldate = {2019-12-20}
}
Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone EternalPetya |
2017-06-29 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170629:eternalpetya:bdd5896,
author = {Malwarebytes Labs},
title = {{EternalPetya and the lost Salsa20 key}},
date = {2017-06-29},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/06/eternalpetya-lost-salsa20-key/},
language = {English},
urldate = {2019-12-20}
}
EternalPetya and the lost Salsa20 key EternalPetya |
2017-06-29 ⋅ Robert Graham @online{graham:20170629:nonpetya:c470dd8,
author = {Robert Graham},
title = {{NonPetya: no evidence it was a "smokescreen"}},
date = {2017-06-29},
url = {http://blog.erratasec.com/2017/06/nonpetya-no-evidence-it-was-smokescreen.html},
language = {English},
urldate = {2020-01-07}
}
NonPetya: no evidence it was a "smokescreen" EternalPetya |
2017-06-29 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team @online{team:20170629:windows:f957ff3,
author = {Microsoft Defender ATP Research Team},
title = {{Windows 10 platform resilience against the Petya ransomware attack}},
date = {2017-06-29},
organization = {Microsoft},
url = {https://blogs.technet.microsoft.com/mmpc/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/},
language = {English},
urldate = {2020-01-07}
}
Windows 10 platform resilience against the Petya ransomware attack EternalPetya |
2017-06-28 ⋅ Kaspersky Labs ⋅ Anton Ivanov, Orkhan Mamedov @online{ivanov:20170628:expetrpetyanotpetya:903b1fc,
author = {Anton Ivanov and Orkhan Mamedov},
title = {{ExPetr/Petya/NotPetya is a Wiper, Not Ransomware}},
date = {2017-06-28},
organization = {Kaspersky Labs},
url = {https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/},
language = {English},
urldate = {2019-12-20}
}
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware EternalPetya |
2017-06-28 ⋅ hacks4pancakes @online{hacks4pancakes:20170628:why:8053178,
author = {hacks4pancakes},
title = {{Why NotPetya Kept Me Awake (& You Should Worry Too)}},
date = {2017-06-28},
url = {https://tisiphone.net/2017/06/28/why-notpetya-kept-me-awake-you-should-worry-too/},
language = {English},
urldate = {2020-01-09}
}
Why NotPetya Kept Me Awake (& You Should Worry Too) EternalPetya |
2017-06-28 ⋅ CrowdStrike ⋅ Falcon Intelligence Team @online{team:20170628:crowdstrike:e933e49,
author = {Falcon Intelligence Team},
title = {{CrowdStrike Protects Against NotPetya Attack}},
date = {2017-06-28},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/fast-spreading-petrwrap-ransomware-attack-combines-eternalblue-exploit-credential-stealing/},
language = {English},
urldate = {2019-12-20}
}
CrowdStrike Protects Against NotPetya Attack EternalPetya |
2017-06-27 ⋅ Medium thegrugq ⋅ thegrugq @online{thegrugq:20170627:pnyetya:45771f2,
author = {thegrugq},
title = {{Pnyetya: Yet Another Ransomware Outbreak}},
date = {2017-06-27},
organization = {Medium thegrugq},
url = {https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4},
language = {English},
urldate = {2020-01-13}
}
Pnyetya: Yet Another Ransomware Outbreak EternalPetya |
2017-06-27 ⋅ ESET Research ⋅ Editor @online{editor:20170627:new:4f7cbcd,
author = {Editor},
title = {{New WannaCryptor‑like ransomware attack hits globally: All you need to know}},
date = {2017-06-27},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine},
language = {English},
urldate = {2022-08-25}
}
New WannaCryptor‑like ransomware attack hits globally: All you need to know EternalPetya Sandworm |
2017-06-27 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20170627:schroedingers:43c7e28,
author = {GReAT},
title = {{Schroedinger’s Pet(ya)}},
date = {2017-06-27},
organization = {Kaspersky Labs},
url = {https://securelist.com/schroedingers-petya/78870/},
language = {English},
urldate = {2019-12-20}
}
Schroedinger’s Pet(ya) EternalPetya |
2017-06-27 ⋅ SANS ⋅ Brad Duncan @online{duncan:20170627:checking:23c2251,
author = {Brad Duncan},
title = {{Checking out the new Petya variant}},
date = {2017-06-27},
organization = {SANS},
url = {https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/},
language = {English},
urldate = {2020-01-06}
}
Checking out the new Petya variant EternalPetya |
2017-06-13 ⋅ Dragos ⋅ Dragos @techreport{dragos:20170613:crashoverride:ee53f66,
author = {Dragos},
title = {{CRASHOVERRIDE: Analysis of the Threatto Electric Grid Operations}},
date = {2017-06-13},
institution = {Dragos},
url = {https://dragos.com/blog/crashoverride/CrashOverride-01.pdf},
language = {English},
urldate = {2020-01-10}
}
CRASHOVERRIDE: Analysis of the Threatto Electric Grid Operations Industroyer Sandworm |
2017-06-12 ⋅ ESET Research ⋅ Anton Cherepanov @techreport{cherepanov:20170612:win32industroyer:060c0e6,
author = {Anton Cherepanov},
title = {{WIN32/INDUSTROYER: A new threat for industrial control systems}},
date = {2017-06-12},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf},
language = {English},
urldate = {2020-01-13}
}
WIN32/INDUSTROYER: A new threat for industrial control systems Industroyer Sandworm |
2017-06-12 ⋅ ESET Research ⋅ Anton Cherepanov, Robert Lipovsky @online{cherepanov:20170612:industroyer:15f0bec,
author = {Anton Cherepanov and Robert Lipovsky},
title = {{Industroyer: Biggest threat to industrial control systems since Stuxnet}},
date = {2017-06-12},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/},
language = {English},
urldate = {2019-11-14}
}
Industroyer: Biggest threat to industrial control systems since Stuxnet Industroyer |
2017-06-12 ⋅ CISA ⋅ CISA @online{cisa:20170612:alert:7799e28,
author = {CISA},
title = {{Alert (TA17-163A)}},
date = {2017-06-12},
organization = {CISA},
url = {https://www.us-cert.gov/ncas/alerts/TA17-163A},
language = {English},
urldate = {2020-01-08}
}
Alert (TA17-163A) Sandworm |
2017-05-31 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:20170531:sandworm:1a9a446,
author = {MITRE ATT&CK},
title = {{Sandworm Team}},
date = {2017-05-31},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0034},
language = {English},
urldate = {2022-08-25}
}
Sandworm Team CyclopsBlink Exaramel BlackEnergy EternalPetya Exaramel GreyEnergy KillDisk MimiKatz Olympic Destroyer Sandworm |
2017-05-23 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20170523:xdata:22024fb,
author = {Anton Cherepanov},
title = {{XData ransomware making rounds amid global WannaCryptor scare}},
date = {2017-05-23},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare},
language = {English},
urldate = {2022-08-25}
}
XData ransomware making rounds amid global WannaCryptor scare Sandworm |
2017-01-05 ⋅ ESET Research ⋅ Robert Lipovsky, Peter Kálnai @online{lipovsky:20170105:killdisk:5d49eac,
author = {Robert Lipovsky and Peter Kálnai},
title = {{KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt}},
date = {2017-01-05},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt},
language = {English},
urldate = {2022-08-25}
}
KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt KillDisk Sandworm |
2016-12-13 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20161213:rise:057c5f4,
author = {Anton Cherepanov},
title = {{The rise of TeleBots: Analyzing disruptive KillDisk attacks}},
date = {2016-12-13},
organization = {ESET Research},
url = {http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks},
language = {English},
urldate = {2022-08-25}
}
The rise of TeleBots: Analyzing disruptive KillDisk attacks KillDisk TeleBot Sandworm |
2016-12-13 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20161213:rise:d6ee3c1,
author = {Anton Cherepanov},
title = {{The rise of TeleBots: Analyzing disruptive KillDisk attacks}},
date = {2016-12-13},
organization = {ESET Research},
url = {http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/},
language = {English},
urldate = {2019-12-20}
}
The rise of TeleBots: Analyzing disruptive KillDisk attacks Credraptor KillDisk TeleBot |
2016-01-28 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20160128:blackenergy:3c2a914,
author = {GReAT},
title = {{BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents}},
date = {2016-01-28},
organization = {Kaspersky Labs},
url = {https://securelist.com/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/73440/},
language = {English},
urldate = {2019-12-20}
}
BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents BlackEnergy |
2016-01-09 ⋅ Industrial Control Systems ⋅ Robert M. Lee @online{lee:20160109:confirmation:a5aeb08,
author = {Robert M. Lee},
title = {{Confirmation of a Coordinated Attack on the Ukrainian Power Grid}},
date = {2016-01-09},
organization = {Industrial Control Systems},
url = {https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid},
language = {English},
urldate = {2020-01-07}
}
Confirmation of a Coordinated Attack on the Ukrainian Power Grid Sandworm |
2015-12-30 ⋅ SANS ⋅ Michael J. Assante @online{assante:20151230:current:342c55e,
author = {Michael J. Assante},
title = {{Current Reporting on the Cyber Attack in Ukraine Resulting in Power Outage}},
date = {2015-12-30},
organization = {SANS},
url = {https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage},
language = {English},
urldate = {2019-12-17}
}
Current Reporting on the Cyber Attack in Ukraine Resulting in Power Outage Sandworm |
2015-02-17 ⋅ Kaspersky Labs ⋅ Kurt Baumgartner, Maria Garnaeva @online{baumgartner:20150217:be2:f7ce288,
author = {Kurt Baumgartner and Maria Garnaeva},
title = {{BE2 extraordinary plugins, Siemens targeting, dev fails}},
date = {2015-02-17},
organization = {Kaspersky Labs},
url = {https://securelist.com/be2-extraordinary-plugins-siemens-targeting-dev-fails/68838/},
language = {English},
urldate = {2019-12-20}
}
BE2 extraordinary plugins, Siemens targeting, dev fails BlackEnergy |
2014-11-10 ⋅ Trend Micro ⋅ William Gamazo Sanchez @online{sanchez:20141110:timeline:fd77607,
author = {William Gamazo Sanchez},
title = {{Timeline of Sandworm Attacks}},
date = {2014-11-10},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/},
language = {English},
urldate = {2020-01-09}
}
Timeline of Sandworm Attacks Sandworm |
2014-11-03 ⋅ Kaspersky Labs ⋅ Kurt Baumgartner, Maria Garnaeva @online{baumgartner:20141103:be2:ea8544a,
author = {Kurt Baumgartner and Maria Garnaeva},
title = {{BE2 custom plugins, router abuse, and target profiles}},
date = {2014-11-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/},
language = {English},
urldate = {2019-12-20}
}
BE2 custom plugins, router abuse, and target profiles BlackEnergy |
2014-10-14 ⋅ Symantec ⋅ Symantec Security Response @online{response:20141014:sandworm:c129395,
author = {Symantec Security Response},
title = {{Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks}},
date = {2014-10-14},
organization = {Symantec},
url = {https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks},
language = {English},
urldate = {2020-01-08}
}
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks Sandworm |
2014-10-14 ⋅ ESET Research ⋅ Robert Lipovsky @online{lipovsky:20141014:cve20144114:49123f0,
author = {Robert Lipovsky},
title = {{CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns}},
date = {2014-10-14},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2014/10/14/cve-2014-4114-details-august-blackenergy-powerpoint-campaigns/},
language = {English},
urldate = {2019-11-14}
}
CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns BlackEnergy |
2014-10-14 ⋅ Symantec ⋅ Symantec Security Response @online{response:20141014:sandworm:3f6e951,
author = {Symantec Security Response},
title = {{Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks}},
date = {2014-10-14},
organization = {Symantec},
url = {https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks},
language = {English},
urldate = {2020-04-21}
}
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks Sandworm |
2010-07-15 ⋅ Kaspersky Labs ⋅ Dmitry Tarakanov @online{tarakanov:20100715:black:e6d41f9,
author = {Dmitry Tarakanov},
title = {{Black DDoS}},
date = {2010-07-15},
organization = {Kaspersky Labs},
url = {https://securelist.com/black-ddos/36309/},
language = {English},
urldate = {2019-12-20}
}
Black DDoS BlackEnergy |
2010-03-03 ⋅ Secureworks ⋅ Joe Stewart @online{stewart:20100303:blackenergy:d3aa259,
author = {Joe Stewart},
title = {{BlackEnergy Version 2 Threat Analysis}},
date = {2010-03-03},
organization = {Secureworks},
url = {https://www.secureworks.com/research/blackenergy2},
language = {English},
urldate = {2019-10-15}
}
BlackEnergy Version 2 Threat Analysis BlackEnergy |
2010-03-03 ⋅ FireEye ⋅ Julia Wolf @online{wolf:20100303:black:6ee657a,
author = {Julia Wolf},
title = {{Black Energy Crypto}},
date = {2010-03-03},
organization = {FireEye},
url = {https://web.archive.org/web/20140428201836/http://www.fireeye.com/blog/technical/malware-research/2010/03/black-energy-crypto.html},
language = {English},
urldate = {2020-02-27}
}
Black Energy Crypto BlackEnergy |
2007-10 ⋅ Arbor Networks ⋅ Jose Nazario @techreport{nazario:200710:blackenergy:f414256,
author = {Jose Nazario},
title = {{BlackEnergy DDoS Bot Analysis}},
date = {2007-10},
institution = {Arbor Networks},
url = {http://pds15.egloos.com/pds/201001/01/66/BlackEnergy_DDoS_Bot_Analysis.pdf},
language = {English},
urldate = {2022-04-25}
}
BlackEnergy DDoS Bot Analysis BlackEnergy |