#sandworm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sandworm, aggregated by home.social.
-
🐛🤖 "Shai-Hulud-themed malware" in PyTorch Lightning? Really? What's next, a Bene Gesserit ransomware? This is just another excuse for a #cybersecurity company to throw #buzzwords like multimodal and AI at us while riding the #sandworm of #fearmongering. 📈🔒
https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/ #ShaiHuludMalware #PyTorchLightning #HackerNews #ngated -
🐛🤖 "Shai-Hulud-themed malware" in PyTorch Lightning? Really? What's next, a Bene Gesserit ransomware? This is just another excuse for a #cybersecurity company to throw #buzzwords like multimodal and AI at us while riding the #sandworm of #fearmongering. 📈🔒
https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/ #ShaiHuludMalware #PyTorchLightning #HackerNews #ngated -
🐛🤖 "Shai-Hulud-themed malware" in PyTorch Lightning? Really? What's next, a Bene Gesserit ransomware? This is just another excuse for a #cybersecurity company to throw #buzzwords like multimodal and AI at us while riding the #sandworm of #fearmongering. 📈🔒
https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/ #ShaiHuludMalware #PyTorchLightning #HackerNews #ngated -
🐛🤖 "Shai-Hulud-themed malware" in PyTorch Lightning? Really? What's next, a Bene Gesserit ransomware? This is just another excuse for a #cybersecurity company to throw #buzzwords like multimodal and AI at us while riding the #sandworm of #fearmongering. 📈🔒
https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/ #ShaiHuludMalware #PyTorchLightning #HackerNews #ngated -
🐛🤖 "Shai-Hulud-themed malware" in PyTorch Lightning? Really? What's next, a Bene Gesserit ransomware? This is just another excuse for a #cybersecurity company to throw #buzzwords like multimodal and AI at us while riding the #sandworm of #fearmongering. 📈🔒
https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/ #ShaiHuludMalware #PyTorchLightning #HackerNews #ngated -
Energy Sector Incident Report
On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.
Pulse ID: 69f32ac81834d5a878e8fac0
Pulse Link: https://otx.alienvault.com/pulse/69f32ac81834d5a878e8fac0
Pulse Author: AlienVault
Created: 2026-04-30 10:11:20Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberAttack #CyberAttacks #CyberSecurity #IndustrialControlSystems #InfoSec #Malware #Manufacturing #OTX #OpenThreatExchange #Password #Passwords #Poland #RAT #Sandworm #Word #Worm #bot #AlienVault
-
Energy Sector Incident Report
On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.
Pulse ID: 69f32ac81834d5a878e8fac0
Pulse Link: https://otx.alienvault.com/pulse/69f32ac81834d5a878e8fac0
Pulse Author: AlienVault
Created: 2026-04-30 10:11:20Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberAttack #CyberAttacks #CyberSecurity #IndustrialControlSystems #InfoSec #Malware #Manufacturing #OTX #OpenThreatExchange #Password #Passwords #Poland #RAT #Sandworm #Word #Worm #bot #AlienVault
-
Energy Sector Incident Report
On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.
Pulse ID: 69f32ac81834d5a878e8fac0
Pulse Link: https://otx.alienvault.com/pulse/69f32ac81834d5a878e8fac0
Pulse Author: AlienVault
Created: 2026-04-30 10:11:20Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberAttack #CyberAttacks #CyberSecurity #IndustrialControlSystems #InfoSec #Malware #Manufacturing #OTX #OpenThreatExchange #Password #Passwords #Poland #RAT #Sandworm #Word #Worm #bot #AlienVault
-
Energy Sector Incident Report
On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.
Pulse ID: 69f32ac81834d5a878e8fac0
Pulse Link: https://otx.alienvault.com/pulse/69f32ac81834d5a878e8fac0
Pulse Author: AlienVault
Created: 2026-04-30 10:11:20Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberAttack #CyberAttacks #CyberSecurity #IndustrialControlSystems #InfoSec #Malware #Manufacturing #OTX #OpenThreatExchange #Password #Passwords #Poland #RAT #Sandworm #Word #Worm #bot #AlienVault
-
Energy Sector Incident Report
On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.
Pulse ID: 69f32ac81834d5a878e8fac0
Pulse Link: https://otx.alienvault.com/pulse/69f32ac81834d5a878e8fac0
Pulse Author: AlienVault
Created: 2026-04-30 10:11:20Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberAttack #CyberAttacks #CyberSecurity #IndustrialControlSystems #InfoSec #Malware #Manufacturing #OTX #OpenThreatExchange #Password #Passwords #Poland #RAT #Sandworm #Word #Worm #bot #AlienVault
-
Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.
Pulse ID: 69f1f50a5410ca637c84368c
Pulse Link: https://otx.alienvault.com/pulse/69f1f50a5410ca637c84368c
Pulse Author: AlienVault
Created: 2026-04-29 12:09:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault
-
Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.
Pulse ID: 69f1f50a5410ca637c84368c
Pulse Link: https://otx.alienvault.com/pulse/69f1f50a5410ca637c84368c
Pulse Author: AlienVault
Created: 2026-04-29 12:09:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault
-
Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.
Pulse ID: 69f1f50a5410ca637c84368c
Pulse Link: https://otx.alienvault.com/pulse/69f1f50a5410ca637c84368c
Pulse Author: AlienVault
Created: 2026-04-29 12:09:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault
-
Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.
Pulse ID: 69f1f50a5410ca637c84368c
Pulse Link: https://otx.alienvault.com/pulse/69f1f50a5410ca637c84368c
Pulse Author: AlienVault
Created: 2026-04-29 12:09:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault
-
Analysis of Attack Activities Using SSH+TOR Tunnels to Achieve Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage operations. The organization recently deployed malicious campaigns using nested SSH and TOR tunnel infrastructure to establish covert remote access channels. Attackers distribute ZIP archives containing weaponized LNK files via spearphishing emails, which extract and execute payloads that create scheduled tasks disguised as legitimate software. The attack establishes dual-encrypted anonymous tunnels using obfs4 protocol to bypass deep packet inspection, while mapping sensitive ports (SMB/445, RDP/3389) to Onion domains for persistent backdoor access. The campaign leverages sophisticated anti-analysis techniques including sandbox detection, file disguise, and process masquerading to evade detection and maintain long-term unauthorized control over compromised systems for intelligence collection.
Pulse ID: 69f1f50a5410ca637c84368c
Pulse Link: https://otx.alienvault.com/pulse/69f1f50a5410ca637c84368c
Pulse Author: AlienVault
Created: 2026-04-29 12:09:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Email #Espionage #InfoSec #LNK #OTX #Onion #OpenThreatExchange #Phishing #RAT #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #ZIP #bot #AlienVault
-
疑似APT-C-13(Sandworm)组织利用SSH+TOR隧道实现隐蔽持久化的攻击活动分析-安全资讯-360官网
Pulse ID: 69f1f472cc1acc636d7983ef
Pulse Link: https://otx.alienvault.com/pulse/69f1f472cc1acc636d7983ef
Pulse Author: CyberHunter_NL
Created: 2026-04-29 12:07:14Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #SSH #Sandworm #Worm #bot #CyberHunter_NL
-
Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.
Pulse ID: 69f06b1eeeb1fca735cb0bb8
Pulse Link: https://otx.alienvault.com/pulse/69f06b1eeeb1fca735cb0bb8
Pulse Author: AlienVault
Created: 2026-04-28 08:09:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault
-
Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.
Pulse ID: 69f06b1eeeb1fca735cb0bb8
Pulse Link: https://otx.alienvault.com/pulse/69f06b1eeeb1fca735cb0bb8
Pulse Author: AlienVault
Created: 2026-04-28 08:09:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault
-
Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.
Pulse ID: 69f06b1eeeb1fca735cb0bb8
Pulse Link: https://otx.alienvault.com/pulse/69f06b1eeeb1fca735cb0bb8
Pulse Author: AlienVault
Created: 2026-04-28 08:09:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault
-
Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.
Pulse ID: 69f06b1eeeb1fca735cb0bb8
Pulse Link: https://otx.alienvault.com/pulse/69f06b1eeeb1fca735cb0bb8
Pulse Author: AlienVault
Created: 2026-04-28 08:09:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault
-
Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence
APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.
Pulse ID: 69f06b1eeeb1fca735cb0bb8
Pulse Link: https://otx.alienvault.com/pulse/69f06b1eeeb1fca735cb0bb8
Pulse Author: AlienVault
Created: 2026-04-28 08:09:02Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault
-
-
Europe’s Power Grid Faces Hybrid Warfare Threat
European electricity infrastructure has become a target of sustained hybrid warfare, and a new report from Eurelectric, the…
#Europe #EU #CriticalInfrastructure #cyberattack #DTEK #EURELECTRIC #European #Fingrid #gridresilience #HybridWarfare #Sandworm
https://www.europesays.com/europe/3489/ -
The Sandworm by Travis Knight
#sandworm #worm #technical #illustration #design #art #illustration #TravisKnight #Knight
-
How Russia’s Most Dangerous Hacking Group Targeted Poland’s Electric Infrastructure https://www.byteseu.com/1763859/ #CriticalInfrastructureSecurity #NATOCyberDefense #Poland #PolandElectricityGrid #RussianCyberattack #Sandworm
-
Jeśli ktoś chce zerknąć do świeżo wydanego raportu firmy Dragos dotyczącego ataku na polski sektor energetyczny, to link znajdzie poniżej. Wskazywana przez badaczy grupa Electrum to nic innego jak Sandworm (wg nazewnictwa stosowanego przez ESET) czy po prostu APT44, czyli ślady prowadzą do Rosji. Ale szczegółów brak, same ogólniki. Sugeruję poczekać na publikację polskiego CERT-u, która ma szansę pojawić się już jutro.
https://5943619.hs-sites.com/hubfs/Reports/dragos-2025-poland-attack-report.pdf
-
CW: kinda looks like a butthole, but only kinda
This is a sunspot. If it doesn't frighten you the same way it frightens me, you have no soul.
photo credit unknown, NASA probably.
-
🇵🇱 🇷🇺 Ruská skupina Sandworm v roce 2025 útočila na polskou energetiku
https://infoek.cz/ruska-skupina-sandworm-v-roce-2025-utocila-na-polskou-energetiku-2026/
🇵🇱 🇷🇺 Russian group Sandworm attacked Polish energy sector in 2025
#RussianAPT #Russia #APT #Poland #CyberSecurity #Tech #Sandworm #ESET
-
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
#Sandworm
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/ -
Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities https://hackread.com/amazon-russia-gru-hackers-misconfigured-vulnerabilities/ #SeashellBlizzard #CurlyCOMrades #Cybersecurity #Vulnerability #CyberAttack #CyberCrime #Security #Sandworm #Malware #Amazon #Russia #APT44 #0day #AWS #GRU
-
🔐 🖥️ 🌐 🛡️ Russian state-sponsored hackers are moving away from security vulnerabilities and breaking into critical infrastructure through misconfigured devices, warns Amazon Threat Intelligence. ⚠️ 🏭 🔍
Read: https://hackread.com/amazon-russia-gru-hackers-misconfigured-vulnerabilities/
-
Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks https://www.securityweek.com/amazon-russian-hackers-now-favor-misconfigurations-in-critical-infrastructure-attacks/ #criticalinfrastructure #Malware&Threats #Nation-State #Sandworm #Amazon #Russia #APT
-
AWS Blames Russia’s GRU for Years-Long Espionage Campaign Targeting Western Energy Infrastructure https://thecyberexpress.com/espionage-western-critical-infrastructure/ #WesternCriticalInfrastructure #criticalinfrastructure #EnergyInfrastructure #RussianThreatActor #EnergySupplyChain #FirewallDaily #RussianGRU #CyberNews #Espionage #Sandworm #APT44
-
AWS Blames Russia’s GRU for Years-Long Espionage Campaign Targeting Western Energy Infrastructure https://thecyberexpress.com/espionage-western-critical-infrastructure/ #WesternCriticalInfrastructure #criticalinfrastructure #EnergyInfrastructure #RussianThreatActor #EnergySupplyChain #FirewallDaily #RussianGRU #CyberNews #Espionage #Sandworm #APT44
-
AWS Blames Russia’s GRU for Years-Long Espionage Campaign Targeting Western Energy Infrastructure https://thecyberexpress.com/espionage-western-critical-infrastructure/ #WesternCriticalInfrastructure #criticalinfrastructure #EnergyInfrastructure #RussianThreatActor #EnergySupplyChain #FirewallDaily #RussianGRU #CyberNews #Espionage #Sandworm #APT44
-
AWS Blames Russia’s GRU for Years-Long Espionage Campaign Targeting Western Energy Infrastructure https://thecyberexpress.com/espionage-western-critical-infrastructure/ #WesternCriticalInfrastructure #criticalinfrastructure #EnergyInfrastructure #RussianThreatActor #EnergySupplyChain #FirewallDaily #RussianGRU #CyberNews #Espionage #Sandworm #APT44
-
🚀🐛 Oh no! A #sandworm named Shai-Hulud decided to slither into our #dev machine and throw a #party on our #GitHub org. But don’t worry, we've got a fancy timeline of how "invincible" our #AI #agents were and how we’re "building next" the ultimate road to... nowhere! 🤖📉
https://trigger.dev/blog/shai-hulud-postmortem #mishap #tech #humor #HackerNews #ngated -
🇷🇺 Ruská skupina Sandworm se snaží ochromit Ukrajinu mazáním dat?
https://infoek.cz/ruska-skupina-sandworm-se-snazi-ochromit-ukrajinu-mazanim-dat-2025/
🇷🇺Is the Russian Sandworm group trying to cripple Ukraine by deleting data?
-
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine - One of the world’s most ruthless and advanced hacking groups... - https://arstechnica.com/security/2025/11/wipers-from-russias-most-cut-throat-hackers-rain-destruction-on-ukraine/ #security #sandworm #malware #ukraine #biz #russia #wipers #war
-
Russia’s notorious Sandworm group isn’t just hitting power grids anymore—they’re now targeting Ukraine’s grain sector and food security. How deep does this cyber siege go?
#sandworm
#apt44
#cyberwarfare
#ukraine
#criticalinfrastructure
#databreach
#malware
#ransomware
#cyberattacks -
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure https://thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/ #TheCyberExpressNews #Belarusianmilitary #TheCyberExpress #FirewallDaily #DarkWebNews #CyberNews #Backdoor #Sandworm #darkweb
-
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure https://thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/ #TheCyberExpressNews #Belarusianmilitary #TheCyberExpress #FirewallDaily #DarkWebNews #CyberNews #Backdoor #Sandworm #darkweb
-
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure https://thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/ #TheCyberExpressNews #Belarusianmilitary #TheCyberExpress #FirewallDaily #DarkWebNews #CyberNews #Backdoor #Sandworm #darkweb
-
Cyble Detects Advanced Backdoor Targeting Defense Systems via Belarus Military Lure https://thecyberexpress.com/belarus-military-hit-by-ssh-tor-backdoor/ #TheCyberExpressNews #Belarusianmilitary #TheCyberExpress #FirewallDaily #DarkWebNews #CyberNews #Backdoor #Sandworm #darkweb