Russian Sandworm APT impersonates Ukrainian telcos to deliver malware
Security Affairs
SEPTEMBER 21, 2022
Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers. Pierluigi Paganini.
Let's personalize your content