TLDR:
– Russian hackers affiliated with GRU targeted 20 Ukrainian critical infrastructure facilities in March 2024.
– The hackers used supply chain exploitation to deliver infected software updates.
In a recent disclosure, Ukraine’s Computer Emergency Response Team (CERT-UA) revealed that Russian hackers linked to the GRU targeted 20 critical infrastructure facilities in Ukraine during March 2024. The cyber attacks focused on energy, heating, and water facilities in 10 different regions. The hackers exploited supply chains, either by delivering infected software updates or by leveraging third-party access granted for maintenance and technical support. Ukrainian cyber defenders discovered and removed two Linux backdoors, “Biasboat” and “LoadGrip,” both derived from the previously known “Queueseed” backdoor.

This activity is attributed to the Russian hacking group Sandworm, also known as APT44, which is closely linked to Russia’s Main Directorate of the General Staff of the Armed Forces (GRU). The Ukrainian cyber authorities also detected other malicious programs and tools used by the hackers, such as GOSSIPFLOW and Chisel. These ongoing attacks highlight the importance of improving cybersecurity practices within critical infrastructure organizations, in particular around how software updates and third-party access are vetted, to prevent future incidents.
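The update-delivery vector described above is the one a defender can close most directly: refuse any update whose manifest is not signed by a pinned vendor key, and whose contents do not match the digest in that signed manifest. The following Go program is an added illustration written for this summary, not code from CERT-UA or from any vendor mentioned here. The manifest format, the `VerifyUpdate` function, the artifact name and the sample payloads are all constructed assumptions; the Ed25519 and SHA-256 primitives come from Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a hypothetical vendor-published description of one update
// artifact: its file name and the SHA-256 digest of its contents.
// The vendor signs the canonical encoding produced by Bytes().
type Manifest struct {
	Name   string
	SHA256 string // lowercase hex digest of the artifact
}

// Bytes returns the canonical byte string that the vendor signs.
func (m Manifest) Bytes() []byte {
	return []byte(m.Name + "\n" + m.SHA256 + "\n")
}

// VerifyUpdate accepts an update only if (1) the manifest signature
// verifies under the pinned vendor public key and (2) the artifact's
// SHA-256 equals the digest recorded in that signed manifest.
// A compromised update server can change bytes and digests, but without
// the vendor's private key it cannot produce a manifest that passes (1).
func VerifyUpdate(vendorPub ed25519.PublicKey, m Manifest, sig []byte, artifact []byte) error {
	if len(vendorPub) != ed25519.PublicKeySize {
		return errors.New("pinned vendor key has wrong size")
	}
	if !ed25519.Verify(vendorPub, m.Bytes(), sig) {
		return errors.New("manifest signature invalid: not signed by pinned vendor key")
	}
	sum := sha256.Sum256(artifact)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("artifact digest does not match signed manifest")
	}
	return nil
}

// Demo builds a constructed vendor key pair and a valid signed update, then
// tries two failure cases: a tampered artifact shipped with the genuine
// manifest, and a tampered artifact with a manifest re-signed by a key that
// is not the pinned vendor key. It returns the three verdicts.
func Demo() (validErr, tamperedErr, wrongKeyErr error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample payload standing in for a real update archive.
	artifact := []byte("constructed sample update payload v1.2.3")
	sum := sha256.Sum256(artifact)
	m := Manifest{Name: "vendor-agent-1.2.3.tar.gz", SHA256: hex.EncodeToString(sum[:])}
	sig := ed25519.Sign(vendorPriv, m.Bytes())
	validErr = VerifyUpdate(vendorPub, m, sig, artifact)

	// Case 1: bytes changed in transit, manifest left untouched.
	tampered := bytes.Replace(artifact, []byte("v1.2.3"), []byte("v1.2.3-modified"), 1)
	tamperedErr = VerifyUpdate(vendorPub, m, sig, tampered)

	// Case 2: manifest rewritten to match the tampered bytes and signed
	// with some other key (constructed here) instead of the vendor's.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tsum := sha256.Sum256(tampered)
	tm := Manifest{Name: m.Name, SHA256: hex.EncodeToString(tsum[:])}
	wrongKeyErr = VerifyUpdate(vendorPub, tm, ed25519.Sign(otherPriv, tm.Bytes()), tampered)
	return validErr, tamperedErr, wrongKeyErr
}

func main() {
	v, t, w := Demo()
	fmt.Println("genuine update:", v)
	fmt.Println("tampered artifact:", t)
	fmt.Println("re-signed manifest:", w)
}
```

The important design point is that the vendor public key is pinned on the receiving host (or in firmware) rather than fetched from the same server that serves the update; a digest check alone gives nothing if the attacker controls both the artifact and the place the digest is published.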