15th October 2018, By Tara Seals
Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT.
The massive NotPetya ransomware outbreak that crippled organizations around the world last year turns out to have links to the Industroyer backdoor, which targets industrial control systems (ICS) and took down the Ukrainian power grid in Kiev in 2016.
In fact, the same threat actor – dubbed TeleBots (a.k.a. Sandworm) by ESET researchers – appears to be behind NotPetya, the 2015 BlackEnergy attack that also caused blackouts in Ukraine, and the Industroyer campaign a year later.
NotPetya (a.k.a. ExPetr) broke out last June, and was initially believed to be another global ransomware attack on par with WannaCry – but it turned out to be a wiper in disguise. While the malware has a ransomware component, NotPetya can’t decrypt victims’ disk, even if a payment is made.
Full Article.
