Major Cyber Incident: NotPetya

Other incident names: ExPetr, SortaPetya, Petna, Diskcoder.C, Nyetya, GoldenEye

About NotPetya

The Russian military intelligence service, the GRU, used a Trojan to initially target
Ukrainian infrastructure with a wiper called NotPetya. The attack spread worldwide to
become what the United States considered the most destructive and costly cyberattack
in history. IT companies linked the campaign to the APT group Sandworm, which has been
linked to many disruptive cyberattacks against Ukraine, such as the two consecutive
energy blackouts in Ukraine at the end of 2015 and 2016. Multiple governments attributed
the campaign to the GRU and its Unit 74455, which is generally associated with Sandworm.
Political and legal action was taken by the European Union and several individual
governments in response.

Timeframe

From 27 June 2017

Incident Type

Disruption, Hijacking with Misuse

Initiator

Russian state-affiliated group “Sandworm”

Affected Target

Ukrainian Infrastructure and hundreds of entities across the world

More Major Cyber Incidents (MaCIs)

Major Cyber Incident: KA-SAT 9A

4 October 2023
In this detailed analysis, Mika Kerttunen, Kim Schuck, and Jonas Hemmelskamp discuss the hack on the KA-SAT networks in Ukraine and Western Europe in the initial stages of the Russian war against Ukraine.
Major Cyber Incident: BAPCO

15 February 2023
In this detailed analysis, Mika Kerttunen and Linda Liang discuss the attack on Bahraini oil company BAPCO by Iranian state-backed hackers.