"Russian Military Preparing New Destructive Attacks: Microsoft"

According to Microsoft, Russia is readying another destructive cyber assault on Ukraine and could expand its targets to include organizations outside the country supplying Kyiv.  Microsoft stated that Sandworm, a unit linked to the Russian military intelligence agency GRU, is preparing to follow its Foxblade and Caddywiper efforts last year with new wiper malware.  Microsoft noted that as of late 2022, the threat actor might also have been testing additional ransomware-style capabilities that could be used in destructive attacks on organizations outside Ukraine that serve key functions in Ukraine’s supply lines.  The company added that the Prestige ransomware operation against a Polish firm in late 2022 provides a precedent for such attacks.  Both Prestige and a separate variant, “Sullivan,” have been linked to Sandworm.  Microsoft claimed that the attacks using these malware types may have been attempts to test the reaction of Ukraine’s allies to a targeted destructive attack outside Ukraine.  In a similar way to NotPetya, ransomware is used as a cover for what is actually a destructive attack.  Microsoft said it had observed Russian threat activity against organizations in at least 17 European countries and some in the Americas between January and mid-February this year.  Microsoft argued that while these actions are most likely intended to boost intelligence collection against organizations providing political and material support to Ukraine, they could also if directed, inform destructive operations.  Russian operatives are also stoking fears that Moldova could be next in line for invasion, with the government there even accusing Moscow of plotting to overthrow the current pro-EU administration.  Microsoft warned that a “hack-and-leak” operation targeting Moldovan politicians is also aimed at sowing distrust between Europeans and their governments.

Infosecurity reports: "Russian Military Preparing New Destructive Attacks: Microsoft"