Iridium/Sandworm APT – New Sandworm ransomware strain named RansomBoggs

Updated on 2022-11-29

ESET has a short blog post on RansomBoggs, a new ransomware strain that was deployed in Ukraine last week and that the company linked to Sandworm, a cyber-espionage group tied to the Russian military intelligence services. ESET spotted and warned about this new ransomware last Friday. Read more: RansomBoggs: New ransomware targeting Ukraine

Updated on 2022-11-28

ESET researchers connected the Russian Sandworm APT group to a new ransomware, dubbed RansomBoggs, that has been targeting Ukrainian entities. Read more: New ransomware attacks in Ukraine linked to Russian Sandworm hackers

Updated on 2022-11-27: New Sandworm ransomware

ESET has discovered a new ransomware strain named RansomBoggs that was deployed against Ukrainian organizations last week. ESET said it linked the ransomware to a threat actor known as Sandworm, one of Russia’s military cyber units. Researchers said they found links between RansomBoggs and previous Sandworm malware deployed against Ukrainian targets, such as ArguePatch, CaddyWiper, and Industroyer2. Early signs suggest this may be another data wiper disguised as ransomware.

Updated on 2022-11-13: Russia behind Ukraine, Poland ransomware attacks

Microsoft said this week that ransomware attacks targeting transportation and logistics companies in Ukraine and neighboring Poland back in October were launched by Russian military hackers, with the aim of disrupting the flow of goods and materiel into Ukraine. Microsoft dubbed the attack Prestige, and its threat intelligence unit attributes it to “Iridium,” aka Sandworm, or Russia’s GRU Unit 74455, which is known for its offensive and destructive cyberattacks. Read more: New “Prestige” ransomware impacts organizations in Ukraine and Poland

Updated on 2022-11-11: Iridium/Sandworm

Also at the CyberWarCom conference on Thursday, Microsoft said it linked the attacks with the Prestige ransomware against organizations in Ukraine and Poland to a Russian state-sponsored group it tracks as Iridium, also known as Sandworm. At the same conference, Microsoft researchers also presented research on other threat actor groups: BROMINE (aka Berserk Bear) and its abuse of data center infrastructure management interfaces, ZINC and its use of social engineering campaigns built around weaponized legitimate open-source software, and several Chinese state actors and their use of SOHO routers to obfuscate operations. Read more:


Microsoft attributed the Prestige ransomware attacks to the Russian state-sponsored threat actor Iridium, which overlaps with the Sandworm APT group. Read more: Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland