The company said the use of trojans from the BlackEnergy malware family as well as the KillDisk tool, found after investigating the attack on Ukrainian power authorities’ systems, are common in Sandworm Team’s attacks. Those findings, along with intelligence supplied by ‘sensitive sources’ point to the Russian cyberattack outfit.
Reuters reports that Ukraine’s SBU state security service also believes Russia is to blame for the outage. However, no links between Sandworm Team and the Russian government have been established so far.
The group is believed to have previously targeted Ukrainian officials, NATO members and even the US Department of Homeland Security on espionage missions.
➤ Sandworm Team and the Ukrainian Power Authority Attacks [iSIGHT Partners Blog]