Microsoft Discovers Destructive Malware Targeting Ukraine

Informationsecuritybuzz

ISBuzz Staff | informationsecuritybuzz.com

In a blog post published Saturday, Microsoft says it has discovered destructive malware being used to corrupt systems at multiple organizations in Ukraine. The Microsoft Threat Intelligence Center (MSTIC) first discovered the ransomware-like malware on January 13. In response to the post, an expert from Gurucul has offered perspective.

Expert Comments

Saryu Nayyar, CEO, Gurucul | January 18, 2022

As noted, this is not atypical ransomware as it overwrites the master boot record. Nation state threat actors usually have three objectives: spying for intelligence, intellectual property theft, and disruption/destruction. Clearly this is the latter, as these threat actor groups aren’t interested in simple financial gain. What is of note is that the malware propagates through publicly available code used for lateral movement and execution. Part of that execution is the downloading of file corruption software from a Discord channel. This is where it is critical to employ the adaptive machine learning and behavioral detection found in true next-generation SIEMs to identify the lateral movement and connection attempts to Discord. In addition, identity and access analytics are extremely useful here to determine unusual or unauthorized remote access. The combination of the two goes beyond sifting through traditional IoCs that can easily be missed or escalated by traditional SIEMs or XDR tools.
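The correlation the comment calls for, as an added example that is not code from Microsoft, Gurucul or the original post: a small Python detector that raises an alert only when a host fetches an executable from Discord's CDN and then fans out to several internal peers on remote-execution ports within a short window, so that ordinary east-west traffic (a backup server, say) is not flagged on its own. The log formats, domain names, port list, window and threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Proxy line: ts src dst_host port uri
PROXY_LOG = [
    "2022-01-13T10:00:05 10.0.0.7 cdn.discordapp.com 443 /attachments/1/2/stage2.exe",
    "2022-01-13T10:01:11 10.0.0.9 cdn.discordapp.com 443 /attachments/3/4/cat.png",
]
# Flow line: ts src dst port  (internal east-west connections)
FLOW_LOG = [
    "2022-01-13T10:02:00 10.0.0.7 10.0.0.21 445",
    "2022-01-13T10:02:03 10.0.0.7 10.0.0.22 445",
    "2022-01-13T10:02:09 10.0.0.7 10.0.0.23 5985",
    "2022-01-13T10:02:14 10.0.0.7 10.0.0.24 135",
    "2022-01-13T10:03:00 10.0.0.9 10.0.0.21 445",
    "2022-01-13T10:03:30 10.0.0.11 10.0.0.21 445",  # backup host: fan-out, no payload
    "2022-01-13T10:03:31 10.0.0.11 10.0.0.22 445",
    "2022-01-13T10:03:32 10.0.0.11 10.0.0.23 445",
]

DISCORD_HOSTS = ("discordapp.com", "discord.com")   # assumed CDN domains for the fetch
PAYLOAD_EXT = (".exe", ".dll", ".ps1", ".bat", ".vbs")  # assumed "executable" suffixes
ADMIN_PORTS = {135, 445, 3389, 5985, 5986}            # RPC/SMB/RDP/WinRM: remote exec

def _ts(s):
    return datetime.fromisoformat(s)

def correlate(proxy_lines, flow_lines, window_min=30, fanout=3):
    """Return {src: {"payload": uri, "peers": [...]}} for hosts that fetched an
    executable from Discord and then contacted >= fanout internal peers on admin
    ports within window_min minutes. Fan-out without the fetch is not flagged."""
    fetches = {}
    for line in proxy_lines:
        ts, src, host, _port, uri = line.split()
        if host.endswith(DISCORD_HOSTS) and uri.lower().endswith(PAYLOAD_EXT):
            fetches.setdefault(src, (_ts(ts), uri))   # keep the first fetch per host
    peers = defaultdict(set)
    for line in flow_lines:
        ts, src, dst, port = line.split()
        if src not in fetches or int(port) not in ADMIN_PORTS:
            continue
        t0, _ = fetches[src]
        if t0 <= _ts(ts) <= t0 + timedelta(minutes=window_min):
            peers[src].add(dst)
    return {src: {"payload": fetches[src][1], "peers": sorted(p)}
            for src, p in peers.items() if len(p) >= fanout}

if __name__ == "__main__":
    for src, hit in correlate(PROXY_LOG, FLOW_LOG).items():
        print(f"ALERT {src}: fetched {hit['payload']} then reached {hit['peers']}")
```

In a real SIEM the two feeds would be proxy/DNS and NetFlow or EDR network events, and the thresholds would be tuned per environment rather than hard-coded.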
