Compromise | severity: Critical | 2022-01-15
Cadet Blizzard deploys WhisperGate wiper against Ukrainian government
published by Microsoft Threat Intelligence
Actor
Russian state-sponsored intrusion set publicly assessed by Microsoft as associated with the GRU but operationally distinct from Forest Blizzard (APT28) and Seashell Blizzard (Sandworm). Conducted the…
Summary
Microsoft Threat Intelligence (then MSTIC) disclosed the WhisperGate destructive-malware operation against multiple Ukrainian government, IT services, and NGO organizations, tracked at the time as DEV-0586 and later named Cadet Blizzard. WhisperGate masqueraded as ransomware but wrote a fake ransom message and irretrievably corrupted disks. The operation preceded Russia's full-scale invasion of Ukraine by approximately five weeks.
Tags
wiper, destructive, ukraine, gru