The Human Connection Blog

New CTI Lab: Sandworm Campaign: ZEROLOT Wiper

benhopkins
10 days ago

Today, Immersive's Container 7 Research Team has released a new CTI lab covering the latest campaign conducted by Sandworm Team, in which the group used remote monitoring and management (RMM) tools and abused Windows Group Policy to deploy a new wiper, ZEROLOT.

ESET released a new APT threat report today, and among its findings was a new wiper used to attack critical national infrastructure. However, this malware has otherwise not been reported on at all: it has been successfully deployed against many organizations, yet no analysis has been released. We are therefore releasing a SIEM analysis to help our customers build threat detections for this destructive malware.

The threat actor in question is Sandworm Team, a state-sponsored APT group that has been active since at least 2009. Known for highly destructive cyber campaigns, the group has repeatedly targeted critical infrastructure. In this lab, you'll examine one of Sandworm's latest campaigns, in which the group uses remote management tools to facilitate the deployment of the new wiper, ZEROLOT.

Why is this lab important?

Many of our customers have asked for an analysis of wiper malware, and the destructive nature of this malware class worries organizations around the world. This new strain, which has been deployed successfully numerous times since December 2024, needs effective threat detection so that security teams are prepared for it.

Who is it for?

  • Incident responders
  • SOC analysts
  • CTI analysts
  • Threat hunters

Here is the link to the analysis lab:

Updated 10 days ago
Version 2.0