U.S. federal agencies and international partners published a report warning of a new malware campaign from Russian military cyber actors known publicly as Sandworm.
The joint guidance is intended to promote discovery and mitigation of this new malware from an actor known to target U.S. government and Defense Industrial Base (DIB) networks.
“Russia continues to leverage the cyber domain to advance its war against Ukraine,” said Rob Joyce, NSA’s Cybersecurity Director. “Our analysis offers guidance to help find and eradicate this threat, and raises awareness of this threat targeted by Sandworm malicious cyber activity. We will continue to collaborate across the U.S. government and with our international allies to eradicate cyber threats.”
The report is being released now because of the targeting involved, the fact that this is new malware, and the actor group's past targeting of the U.S. government and Defense Industrial Base. The information in the publication will help National Security System, Department of Defense, and Defense Industrial Base network defenders defend against malicious cyber actors.
The malware analysis report was jointly issued by the United Kingdom’s National Cyber Security Centre (NCSC-UK), the U.S. National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), Canada’s Communications Security Establishment (CSE), and the Australian Signals Directorate (ASD).
The Security Service of Ukraine (SBU) publicly uncovered the Infamous Chisel malware campaign in early August 2023 and associated it with the Sandworm threat actor. NSA, CISA, FBI, and NCSC-UK previously attributed the Sandworm actor to the Russian GRU Main Centre for Special Technologies (GTsST).