Enter Prestige

Last month, Microsoft said that transportation and logistics organizations in Poland and Ukraine had been the target of cyberattacks that used never-before-seen ransomware that announced itself as Prestige.

“The Prestige campaign may highlight a measured shift in Iridium’s destructive attack calculus, signaling increased risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine,” MSTIC members wrote. “More broadly, it may represent an increased risk to organizations in Eastern Europe that may be considered by the Russian state to be providing support relating to the war.”

Thursday’s update went on to say that the Prestige campaign is distinct from destructive attacks in the past two weeks that used malware tracked as AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper) to target multiple critical infrastructures in Ukraine.

They included:

- Windows scheduled tasks
- encoded PowerShell commands, and
- Default Domain Group Policy Objects

“Most ransomware operators develop a preferred set of tradecraft for their payload deployment and execution, and this tradecraft tends to be consistent across victims, unless a security configuration prevents their preferred method,” MSTIC members explained. “For this Iridium activity, the methods used to deploy the ransomware varied across the victim environments, but it does not appear to be due to security configurations preventing the attacker from using the same techniques.”