HermeticWiper C2 Infrastructure Targeting Ukraine Predicted and Blocked by Augur
Last week, Zscaler's ThreatLabz reported a sharp uptick in activity associated with the HermeticWiper malware, much (but not all) of it targeting Ukraine this February. The IP associated with important elements of the C2 infrastructure (94[.]158[.]244[.]27) lies within a range that Augur predicted to be malicious back in early 2020; activity from it was first detected on our networks on February 8.
This IP is part of a /24 registered to Moldovan hoster MIVOCLOUD and attributed to the Russian groups APT29 and Gamaredon. Other IPs in this Augur threat actor profile (Profile 126597) have been attributed to a variety of threat actors, including an IP associated with the Sunburst malware attack on the SolarWinds platform.
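The two points above, that a defanged indicator has to be refanged before it can be matched, and that a single observed IP is blocked as part of its enclosing /24, translate directly into a small detection routine. The example below is added here for illustration; it is not SecLytics or Augur code. It assumes a hypothetical firewall log format with `src=`, `dst=` and `dport=` fields, the log lines are constructed for the example, and the /24 is derived from the indicator on the page rather than taken from any registry data.

```python
import ipaddress
import re
from typing import Dict, Iterable, List

# Indicator exactly as written on the page, in defanged form.
DEFANGED_C2_IP = "94[.]158[.]244[.]27"


def refang(indicator: str) -> str:
    """Undo the common defanging conventions so the indicator can be parsed."""
    return (indicator.replace("[.]", ".")
                     .replace("(.)", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


def predicted_block(ip: str, prefix_len: int = 24) -> ipaddress.IPv4Network:
    """The enclosing /prefix_len of an IP; strict=False zeroes the host bits.

    The page blocks the whole /24 around the indicator, so the default is 24.
    """
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


# Hypothetical firewall log format (assumption for this example).
LOG_LINE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def flag_connections(log_lines: Iterable[str],
                     blocks: Iterable[ipaddress.IPv4Network]) -> List[Dict]:
    """Return parsed entries whose destination falls inside any blocked range."""
    blocks = list(blocks)
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # not a connection record in the expected format
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # hostname or garbage in the dst field; skip it
        if any(dst in b for b in blocks):
            hits.append({"src": m["src"], "dst": str(dst),
                         "dport": int(m["dport"]), "line": line})
    return hits


# Constructed sample log lines: one hit on the exact C2 IP, one on another
# host in the same /24, and two destinations outside the range.
SAMPLE_LOGS = [
    "2022-02-23T21:14:02Z fw01 action=allow src=10.20.5.17 dst=94.158.244.27 dport=443",
    "2022-02-23T21:14:05Z fw01 action=allow src=10.20.5.17 dst=142.250.72.14 dport=443",
    "2022-02-23T21:15:11Z fw01 action=allow src=10.20.7.3 dst=94.158.244.200 dport=8080",
    "2022-02-23T21:15:12Z fw01 action=allow src=10.20.7.3 dst=94.158.245.1 dport=80",
]


def main() -> None:
    c2 = refang(DEFANGED_C2_IP)
    block = predicted_block(c2)
    print(f"indicator {c2} -> blocking {block}")
    for hit in flag_connections(SAMPLE_LOGS, [block]):
        print(f"{hit['src']} -> {hit['dst']}:{hit['dport']}")


if __name__ == "__main__":
    main()
```

Matching on the enclosing /24 is what catches the second host (94.158.244.200) even though only 94.158.244.27 was named; the trade-off is that a broad range on shared hosting can also block unrelated tenants, which is why a low false-positive rate matters for range-level blocking.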
About Profile 126597
SecLytics Threat Actor Profile 126597 is focused on a cluster of APT groups (including FIN7, APT33, TA505, Hacking Team, APT29, APT36 and WizardSpider) that all seem to be leveraging shared infrastructure at the Moldovan hoster mentioned above. In the figure below, you can see malware identifiers for the malicious activities associated with Profile 126597.
If You Have Augur, You're Protected!
As always, if you have integrated Augur's automated blocking, your organization will have been protected from this threat vector more than 20 months before the first detected attacks.
Prove It To Me
We get it. These predictions are startling, and you want to know if they are real. If you’re interested in seeing how Augur works and how Augur’s predictive intelligence can improve your zero-day protection and overall security posture, email us at augur@seclytics.com.
Proactive Defense for Better Protection
Reactive threat intelligence solutions only protect against documented threats. Augur's predictive intelligence looks beyond current threats. It leverages machine learning and artificial intelligence to model threat actor behavior, identifying the build-up of attack infrastructure an average of 51 days before an attack launches. And with a false-positive rate of less than 0.01%, you can trust Augur's predictions, which, as this case demonstrates, provide a valuable layer of proactive protection. Our unique predictive threat intel combines with Augur's enforcement orchestration and automation and its rich threat hunting environment to improve protection and streamline SOC operations.
Check Out Augur on our Website
You can learn more on our website about how Augur PDR works and how it solves real-world security problems.