Sandworm is intent on sabotage with spear phishing
The Federal Office for the Protection of the Constitution warns in its latest circular against personalized attacks by hackers. So far media companies and chemical weapons research have been identified as targets, but an extension to industrial companies is likely.
Share
It is now the “task of the intelligence services to shed light on the dark areas of cyber space”, said President of the Federal Office for the Protection of the Constitution Dr. Maaßen at the Potsdam Conference for National Cyber Security , organized by the Hasso-Plattner Institute (HPI), on June 21. He identified energy technology, x-ray and nuclear technology, measurement technology and aerospace as the main targets of attacks from Russia, while attacks from China, Iran and Turkey have apparently targeted administration and politics, the military, armaments, aerospace, electrical technology, the steel and metal industry and high-tech.
The latest findings of the Office for the Protection of the Constitution have now been published in Cyber Letter No. 02/2018 . It focuses specifically on spear phishing attacks on German media companies and chemical weapons research, in other words on highly targeted, personal contact that provides the addressee with a German Word document, which in turn asks for macros to be enabled – with the result that a VBA script is launched that downloads malicious code and ultimately gains control at PowerShell level. The Office for the Protection of the Constitution has traced this wave of attacks to a group by the name of Sandworm, behind which intelligence organizations are suspected to be lurking; at Kapersky Labs, the same grouping has been given the name Olympic Destroyer . The suspected aim is “not only to gain access to data, but also to sabotage IT systems”.
Related Exhibitors
Interested in news about exhibitors, top offers and trends in the industry?
Browser Notice
Your web browser is outdated. Update your browser for more security, speed and optimal presentation of this page.
Update Browser