Compromise · severity: Critical · 2017-06-27

NotPetya wiper outbreak via M.E.Doc supply chain

published by UK National Cyber Security Centre
Actor
Sandworm · RU · Russia · APT

Russian military-intelligence (GRU Unit 74455) intrusion set responsible for some of the most destructive cyberattacks publicly attributed to a nation-state: the 2015 and 2016 Ukrainian power-grid ou…

Summary

A destructive wiper masquerading as ransomware spread globally via a trojanized update to M.E.Doc, a Ukrainian accounting software package. Damages were later estimated at over USD 10 billion, making NotPetya the costliest cyberattack on record. The U.S., U.K., and other governments publicly attributed the operation to the Russian GRU.

Tags

wiper, supply-chain, ukraine, destruction

Primary source

ncsc.gov.uk
