A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige.
“The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper),” the Microsoft Threat Intelligence Centre (MSTIC) said.
The tech giant remarked that the intrusions occurred within an hour of each other across all victims, attributing them to a cluster it tracks under the temporary designation DEV-0960. It did not disclose the scale of the attacks, but stated it is notifying all affected customers.
The campaign is also believed to be distinct from other recent destructive attacks that have involved the use of HermeticWiper and CaddyWiper, the latter of which is launched by a malware loader called ArguePatch (aka AprilAxe).
The method of initial access remains unknown, with Microsoft noting that the threat actor had already obtained privileged access to the compromised environment to deploy the ransomware using three different methods.