Major Cyber Incident: NotPetya22
Other incident names: ExPetr, SortaPetya, Petna, ExPetr, Diskcoder.C, Nyetya, GoldenEye
- 22 März 2023
- Kerttunen, Mika; Hemmelskamp, Jonas
- EN
About NotPetya
The Russian military intelligence service, the GRU, used a Trojan to initially target
Ukrainian infrastructure with a wiper called NotPetya. The attack spread worldwide to
become what the United States considered the most destructive and costly cyber–attack
in history. IT companies linked the campaign to the APT group Sandworm, who have been
linked to many disruptive cyber–attacks against Ukraine, such as the two consecutive
energy blackouts in Ukraine at the end of 2015 & 2016. Multiple governments attributed
the campaign to the GRU and its Unit 74455 that is generally associated with Sandworm.
Political and legal action was taken by the European Union and several individual
governments in response.
Timeframe
From 27 June 2017
Incident Type
Disruption, Hijacking with Misuse
Initiator
Russian state–affiliated group “Sandworm“
Affected Target
Ukrainian Infrastructure and hundreds of entities across the world
Mehr Major Cyber Incidents (MaCIs)
- Research and Analysis