Seeking evidence of links between the ransomware gang and state authorities
Its capabilities closely resemble those observed in malware such as Industroyer and Industroyer2
Attackers used VPNs to infiltrate and WinRAR scripts to wipe data
The PowerShell script used by the RansomBoggs operation to distribute the ransomware is very similar to the one used in the Industroyer2 malware attacks against Ukraine's energy industry in April this year
Reports of Ukrainian media organisations receiving emails with compromised Word docs, and of the AsyncRAT Trojan being delivered by groups exploiting the unpatched flaw
The first attack took place no later than February 2022, while the final destructive stages were set for April 8, 2022
Russia-backed Sandworm group was using the malware on WatchGuard Firebox firewall appliances and multiple ASUS router models
Allows attackers to distribute second-stage payloads to infected devices