CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army - #Sandworm
The cyber threat landscape in Eastern Europe, particularly Ukraine, has intensified as Russian state-backed APT groups such as Sandworm (APT44) launch sophisticated attacks on critical infrastructure. The Kapeka (KnuckleTouch) backdoor, attributed to Russia's GRU Unit 74455, has emerged as a potent tool for infiltrating the energy, water, and heating sectors. Sandworm's evolving tactics include supply chain compromises, the deployment of new malware variants such as LOADGRIP and BIASBOAT, and collaboration with cybercriminals to avoid attribution. The group's activities extend beyond Ukraine, posing a global cyber proliferation risk. In response, international efforts to combat these threats have increased, including the reauthorization of surveillance laws, visa restrictions on spyware developers, and calls for enhanced law enforcement resources to fight cybercrime.