StarlightMedia attacked in Ukraine

October 2015

-STARLIGHTMEDIA[i]
The GRU attacked Ukrainian broadcaster StarLightMedia. Two servers were found offline. The server admins didn’t suspect anything, but their security officer, Yasinsky, did: he thought two servers going out at once was “suspicious”. Upon examination, Yasinsky found that the master boot record had been wiped out. These two machines were operating as “Domain Controllers”. A Domain Controller (define).

Additionally, 13 laptops were contaminated with malware. They too had their master boot record overwritten. More machines would have been infected if not for the destruction of the initial two machines.

Then came TRK, another media company that was hit. As seen in the Ukrainian power plant strike, KillDisk was the culprit. The malware had been brought in by the notorious trojan, BlackEnergy.

Yet another attack hit a railway company in Ukraine, Ukrzaliznytsia. Same combo, KillDisk and BlackEnergy.

[i] https://www.wired.com/story/russian-hackers-attack-ukraine/