Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector

Russian state-sponsored groups continue their cyber assaults on Ukraine and are now aiming their destructive wipers at more industries, including the grain sector, ESET’s latest APT activity report shows.

Over the past months, activity associated with Russian APTs focused on European Union member states and Ukraine, typically relying on spear-phishing emails as the initial access vector.

According to ESET, even the non-Ukrainian targets appear linked to the country and the overall war efforts, suggesting that Russian intelligence is mobilizing attention and resources to the ongoing conflict.

In this context, recent destructive cyberattacks attributed to Sandworm (also known as APT44, Iridium, Seashell Blizzard, TeleBots, and Voodoo Bear, and associated with GRU) stand out.

In April, Sandworm targeted a Ukrainian university with the Zerolot and Sting wipers. In June and September, the APT was seen deploying multiple data-wiping malware variants against Ukrainian governmental, energy, logistics, and grain entities.

The not-so-common targeting ...