Cyber warfare groups: Sandworm - Negative PID

They moved from espionage to physical disruption. Their operations have affected national power grids, critical infrastructure, and global supply chains. They

Negative PID

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

Pulse ID: 699d3e8295822bad54b07e47
Pulse Link: https://otx.alienvault.com/pulse/699d3e8295822bad54b07e47
Pulse Author: Tr1sa111
Created: 2026-02-24 06:00:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NPM #OTX #OpenThreatExchange #Sandworm #Worm #bot #Tr1sa111


SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

An active supply chain worm campaign, dubbed SANDWORM_MODE, is spreading through typosquatting and AI toolchain poisoning across at least 19 malicious npm packages. The worm exhibits Shai-Hulud characteristics, incorporating GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation, and MCP server injection targeting AI coding assistants. It harvests credentials from developer and CI environments, exfiltrates data via multiple channels, and uses stolen identities to propagate. The campaign also includes a weaponized GitHub Action for CI secret harvesting. The worm employs a multi-stage design with obfuscated loaders, time-gated execution, and extensive configuration options. It targets high-traffic developer utilities, crypto tooling, and AI coding tools, posing a significant threat to the software supply chain.

Pulse ID: 699c26263923e786afff5330
Pulse Link: https://otx.alienvault.com/pulse/699c26263923e786afff5330
Pulse Author: AlienVault
Created: 2026-02-23 10:04:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DNS #GitHub #ICS #InfoSec #NPM #OTX #OpenThreatExchange #RAT #SSH #Sandworm #SupplyChain #TypoSquatting #Worm #bot #AlienVault

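
A defender-side check for two of the traits the pulse above describes, typosquatted package names and install-time hook scripts in npm packages. This is an added example, not code from the pulse or from the campaign it reports; the allowlist of known package names, the command heuristics and the sample package.json documents are all constructed for illustration.

```python
"""Audit a set of npm package.json documents for typosquat-like names and
lifecycle (install hook) scripts, two signals from the SANDWORM_MODE summary."""
import re
from difflib import SequenceMatcher

# Constructed allowlist: package names a team actually intends to depend on.
KNOWN_GOOD = {"lodash", "express", "chalk", "commander", "axios", "ethers"}

# Constructed heuristics for commands typical of staged, obfuscated loaders.
SUSPICIOUS = re.compile(r"(curl|wget|base64|node\s+-e|eval\(|\bsh\s+-c)", re.I)

# npm runs these automatically at install time, so they are the usual hook point.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def is_typosquat(name, known=KNOWN_GOOD, threshold=0.8):
    """Return the known name this one closely resembles (but is not), else None."""
    for good in known:
        if name != good and SequenceMatcher(None, name, good).ratio() >= threshold:
            return good
    return None


def audit_package(pkg):
    """Produce human-readable findings for one package.json dict."""
    findings = []
    name = pkg.get("name", "")
    target = is_typosquat(name)
    if target:
        findings.append(f"{name}: name resembles '{target}' (possible typosquat)")
    scripts = pkg.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if cmd:
            flag = "suspicious" if SUSPICIOUS.search(cmd) else "present"
            findings.append(f"{name}: {hook} script {flag}: {cmd}")
    return findings


def audit_all(packages):
    return [f for pkg in packages for f in audit_package(pkg)]


# Constructed sample package.json documents (not real packages).
SAMPLE_PACKAGES = [
    {"name": "lodash", "version": "4.17.21", "scripts": {}},
    {"name": "lodahs", "version": "1.0.0",
     "scripts": {"postinstall": "node -e \"eval(Buffer.from('...','base64').toString())\""}},
    {"name": "express", "version": "4.19.0", "scripts": {"prepare": "npm run build"}},
]

if __name__ == "__main__":
    for line in audit_all(SAMPLE_PACKAGES):
        print(line)
```

In practice the input would be every package.json under node_modules (or the packages listed in a lockfile), and a hit on an install hook warrants reading the script before trusting the package.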
#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector.
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/
@CERT_Polska_en did an excellent job investigating the incident and published a detailed analysis in a report:
https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/
#ESETresearch attributes the attack to the 🇷🇺 Russia‑aligned #Sandworm APT group with medium confidence, based on strong overlaps in behavior and TTPs with multiple earlier Sandworm attacks. Specifically, DynoWiper operates in a broadly similar fashion to the ZOV wiper, which we attribute to Sandworm with high confidence.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/dynowiper

If anyone wants to take a look at the freshly released Dragos report on the attack on the Polish energy sector, the link is below. The Electrum group named by the researchers is nothing other than Sandworm (in ESET's naming) or simply APT44, so the traces lead to Russia. But there are no details, only generalities. I suggest waiting for the Polish CERT's publication, which may appear as soon as tomorrow.

https://5943619.hs-sites.com/hubfs/Reports/dragos-2025-poland-attack-report.pdf

#cyberbezpieczenstwo #apt44 #sandworm

📢 A wiper targeted the Polish power grid; the attack is attributed to Sandworm but was thwarted
📝 According to Ars Technica, drawing on an analysis by ESET and information from...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-26-un-wiper-a-vise-le-reseau-electrique-polonais-attaque-attribuee-a-sandworm-mais-dejouee/
🌐 source : https://arstechnica.com/security/2026/01/wiper-malware-targeted-poland-energy-grid-but-failed-to-knock-out-electricity/
#Pologne #Sandworm #Cyberveille
Sandworm Blamed for Wiper Attack on Poland Power Grid. Researchers attributed the failed attempt to the infamous Russian APT #sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
https://www.darkreading.com/threat-intelligence/sandworm-wiper-attack-poland-power-grid
#russia #cyber #energy #cyberattack

This is a sunspot. If it doesn't frighten you the same way it frightens me, you have no soul.

photo credit unknown, NASA probably.

#sun #astrophotography #dune #sandworm