BleepingComputer reports that the Computer Emergency Response Team of Ukraine (CERT-UA) has tied the Russian hacking operation Sandworm to a significant CaddyWiper malware attack against Ukraine's national news agency Ukrinform.
The attack severely impacted Ukrinform's information infrastructure, but the threat was quickly isolated, according to the State Service of Special Communications and Information Protection of Ukraine (SSSCIP).
"This enabled Ukrinform to continue its operation. Right now, CERT-UA specialists are assisting in infrastructure recovery and continuing investigation of the incident," said SSSCIP.
The attack has been associated with Sandworm because of the tactics employed in the intrusion, which involved deploying CaddyWiper through a Windows group policy. CaddyWiper was previously distributed in a thwarted malware attack targeting a major Ukrainian energy provider.
Since Russia invaded Ukraine last February, various Ukrainian targets have been subjected to attacks with CaddyWiper and other data-wiping malware, such as AcidRain, WhisperKill, WhisperGate, HermeticWiper, DoubleZero, and IsaacWiper.
Ukrainian news agency ransomware attack tied to Sandworm operation