Sandworm Hackers Target Ukrainian Critical Infrastructure with Destructive Cyberattacks

One of the world's most advanced and ruthless hacking collectives, the Russian state-backed Sandworm group, has executed a series of destructive cyberattacks linked to the ongoing conflict against Ukraine, according to research released on Thursday.

In April, the group attacked a Ukrainian university using two wipers, malware designed to irrevocably erase sensitive data and disrupt the infrastructure that houses it. The first wiper, known as Sting, targeted Windows computer networks by creating a task called DavaniGulyashaSdeshka, a term derived from Russian slang meaning 'eat some goulash,' ESET researchers revealed. The second wiper in the attack is identified as Zerlot.

Atypical Target

Subsequently, in June and September, Sandworm deployed multiple variants of wiper malware against various critical infrastructure targets in Ukraine, particularly those associated with the government, energy, and logistics industries. Although these sectors have long been a focus for Russian cyber agents, the fourth target, a sector involved with Ukraine's grain industry, has been hit notably less often.

“While all four industries have been previous targets of wiper attacks since 2022, the focus on the grain sector is less frequent,” ESET noted. “Given that grain exports are a significant revenue source for Ukraine, this targeting likely aims to undermine the nation's wartime economy.”

Wiper malware has been a preferred weapon of Russian hackers since at least 2012, as demonstrated by the NotPetya worm. Initially attacking Ukraine, the self-propagating malware caused global disruption within hours, inflicting tens of billions of dollars in damage as it incapacitated thousands of organizations worldwide for extended periods.
