Microsoft blames Russian Iridium for hacks

@ 2022/11/14
Iridium apparently works with Sandworms

Microsoft is warning of a Russian-based hacker called Iridium who is apparently co-ordinating attacks with Tsar Putin's elite Sandworm hacker group.

Vole attributed a spate of ransomware incidents targeting the transportation and logistics sectors in Ukraine and Poland to a threat cluster that overlaps with the Russian state-sponsored Sandworm group.

The malware used is called Prestige, and the attacks took place within an hour of each other. According to the Microsoft Threat Intelligence Center (MSTIC), the threat actor is called Iridium (or DEV-0960) and appears to be working with Sandworm (which is also known as Iron Viking, TeleBots, and Voodoo Bear).

"This attribution assessment is based on forensic artifacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known Iridium activity," MSTIC said in an update.
