Introduction to Sandworm
Sandworm is a Russian nation-state hacking group that has been active since 2009. The group is believed to be part of Russia's Military Unit 74455 of the Main Intelligence Directorate (GRU) and is known for carrying out disruptive and destructive attacks.
Recent Attack on Poland
Polish officials said the attack targeted two combined heat and power plants as well as a management system used to control electricity generated from renewable sources such as wind turbines and photovoltaic farms.
Poland's Prime Minister Donald Tusk said at a press conference, 'Everything indicates that these attacks were prepared by groups directly linked to the Russian services.'
DynoWiper Malware
ESET detects the malware as Win32/KillFiles.NMO; its SHA-1 hash is 4EC3C90846AF6B79EE1A5188EEFA3FD21F6D4CF6.
Here are my thoughts on the attack:
- What I Loved:
  - The speed at which the Polish officials identified the source of the attack
  - The fact that ESET was able to detect the malware
- What Felt Weird:
  - The lack of technical details about the DynoWiper malware
  - The fact that no sample of the wiper was uploaded to malware submission sites
The **DynoWiper malware** is a significant concern, and its impact on the power plants and management system is still being assessed.