Federal Times: Since Fifth Domain launched in January, we have brought you stories covering nation-states, associated state proxies and the cyber tactics, techniques and procedures (TTPs) they employ. Much of our coverage has focused on the U.S.’s major cyber adversaries, which include Russia, China, Iran and North Korea.
In January, we analyzed the similarities and differences between the cyberattacks on the Ukraine power grid in December 2016 and December 2015. The threat actor(s) in those incidents is not currently known, but cybersecurity experts suspect it could be Russia or a Russian state cyber proxy, such as Sandworm. Sandworm is known to have developed variants of BlackEnergy, the malware used in both Ukraine grid attacks. Sandworm’s involvement in developing the malware does not prove it was involved in the cyberattacks. In fact, Iranian state actors were recently detected using BlackEnergy to attack U.S. defense contractors.
The most significant government policy, business, and technology news and analysis delivered to your inbox.
Subscribe Now