New ‘Cyclops Blink’ Malware Linked to Russian State Hackers Targets Firewalls

Russia-Linked Sandworm Group Replaces VPNFilter With New Malware

Following the 2018 public exposure of the VPNFilter malware, the Russia-linked Sandworm threat group has developed a replacement malware framework, which has mainly targeted firewall appliances, government agencies in the United States and the United Kingdom warn.

Also referred to as APT28, Fancy Bear, Sednit, Sofacy, and Voodoo Bear, the Sandworm hacking group is believed to be part of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

Historically, Sandworm has engaged in numerous cyberattacks targeting Ukraine, such as the 2015 BlackEnergy and the 2016 Industroyer attacks, as well as incidents with a broader impact, such as the 2017 NotPetya operation, and the 2018 attacks on the Winter Olympics and Paralympics.

In 2018, the United States announced that it had disrupted the “VPNFilter” botnet, but shortly after, the Security Service of Ukraine (SBU) said the Aulska chlorine station in Auly, Dnipropetrovsk, was targeted with the VPNFilter malware, likely in an attempt to disrupt operations at the critical infrastructure plant.
