The full-scale war in Ukraine has been going on for over a year and a half, and there has been a lot of development both on the kinetic front and on the cyber front. Following the most impactful cyberattacks at the beginning of the war – from our discoveries of HermeticWiper on the eve of Russia’s invasion to the latest attempt to take down a part of Ukraine’s power grid through Industroyer2 – waves of cyberattacks continue to the present day with varying levels of intensity.
This presentation will focus on two main areas: Sandworm’s cyber sabotage activity via wipers of various "flavors" and Gamaredon’s relentless cyberespionage campaigns. Having discovered and tracked the numerous campaigns of these groups for around a decade, we will share our unique perspective on the evolution of these Russian actors’ malware, TTPs, and modus operandi.
