Other incident names: ExPetr, SortaPetya, Petna, ExPetr, Diskcoder.C, Nyetya, GoldenEye
22 March 2023
Kerttunen, Mika; Hemmelskamp, Jonas
EN
About NotPetya
TheRussianmilitary intelligence service,theGRU,used a Trojan to initially target Ukrainian infrastructurewith a wiper called NotPetya.The attack spread worldwide to becomewhat the United States consideredthe most destructive and costly cyber–attack inhistory.ITcompanies linked thecampaign totheAPTgroupSandworm,who have been linked to manydisruptivecyber–attacksagainst Ukraine, such as the two consecutive energy blackouts in Ukraine at the endof 2015 & 2016.Multiple governments attributed the campaign totheGRU and its Unit 74455thatis generally associated with Sandworm. Political andlegal action was taken by the European Unionandseveral individual governmentsin response.
In this detailed analysis, Mika Kerttunen, Kim Schuck, and Jonas Hemmelskamp discuss the hack on the KA-SAT networks in Ukraine and Western Europe in the initial stages of the Russian war against Ukraine.