At a glance.
- Sandworm renews ransomware activity against Ukrainian targets.
- Russian cyber-reconnaissance at a Netherlands LNG terminal.
- European Parliament sustains brief DDoS attack.
- Internet service in Ukraine and Moldova interrupted by strikes against Ukraine's power grid.
- Iran's Fars news agency reports cyberattack.
- Top password list looks sadly familiar.
Sandworm renews ransomware activity against Ukrainian targets.
Over the weekend, ESET observed surging use of a ransomware variant the company calls "RansomBoggs" against targets in Ukraine. The malware is written in .NET and is being tracked as a new strain, but ESET says RansomBoggs's deployment is similar to what they've observed in past Sandworm attacks. Sandworm has been associated with Russia's GRU. The researchers tweeted, "There are similarities with previous attacks conducted by #Sandworm: a PowerShell script used to distribute the .NET ransomware from the domain controller is almost identical to the one seen last April during the #Industroyer2 attacks against the energy sector." ESET also sees similarities between RansomBoggs and Iridium, Microsoft's name for the GRU operation the company detected in "Prestige" ransomware attacks against Polish and Ukrainian targets in October.