Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine
Security Affairs
NOVEMBER 11, 2022
Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers.
Let's personalize your content