Cyber Threat Report: 'UAC-0133 (Sandworm) plans for cyber sabotage at almost 20 critical infrastructure facilities in Ukraine'
This Medium post translates a CERT-UA alert and adds further technical analysis of the QUEUESEED/KAPEKA backdoor, which has been used against Ukraine since at least June 2022. According to the post, UAC-0133 is a subcluster of UAC-0002 (also known as Sandworm/APT44) that has attempted to disrupt about twenty organizations in the energy, water and heating supply sectors. This has included the compromise of at least three 'supply chains' to gain initial access. The post provides technical details and threat-hunting opportunities for the KAPEKA/QUEUESEED backdoor, alongside specific IoCs including file names, hashes and IP addresses.