SandWorm is a destructive Russian threat group that has been attributed to Russian GRU Unit 74455 by the U.S. Department of Justice and U.K. National Cyber Security Centre. Sandworm Team has been active since at least 2009.
The tactics employed in SandWorm’s campaigns align with the GRU’s philosophy of leveraging aggressive and sometimes destructive cyberattacks. The charges filed against SandWorm are not only the first criminal charges brought for its most destructive attacks, but also the first time that most of the charged individuals have been publicly identified as members of the cybercriminal group. They also represent the first global law enforcement response to SandWorm’s deployment of the NotPetya malware, which crippled networks worldwide.
According to the Government Communications Headquarters (GCHQ), Russia is assessed as a highly competent threat actor with demonstrated potential to carry out operations that have a myriad of impacts across any industry. Russia has been carrying out disruptive cyber activities to establish itself forcefully in various ways, including seeking to disrupt other countries’ elections. For example, it has been widely reported that Russian state-associated groups were behind the “hack and leak” cyberattack, which aimed to breach French political party members’ accounts in the run-up to the 2017 French elections.
The United Kingdom’s Secret Intelligence Service (SIS) reported that this activity “comes to the very muddy nexus between business and corruption and state power in Russia.” GCHQ also pointed to a “considerable balance of intelligence now which shows the links between serious and organized crime groups and Russian state activity.”
SandWorm is also tracked under other names, including ELECTRUM, Telebots, IRON VIKING, BlackEnergy, Quedagh and VOODOO BEAR.
NOTABLE CAMPAIGNS ATTRIBUTED TO SANDWORM
_ Around December 2015 and December 2016, SandWorm attempted to destabilize Ukraine by launching cyberattacks against companies that support the country’s electric infrastructure, disrupting the supply of electricity to more than 225,000 Ukrainian customers.
_ SandWorm launched spearphishing campaigns targeting local government entities, political parties, and campaigns in France, including those connected with French President Emmanuel Macron’s presidential campaign.
_ Around June 2017, SandWorm launched its “NotPetya” malware campaign, causing hundreds of victim organizations worldwide to lose a collective one billion dollars.
_ SandWorm retaliated against the 2018 Winter Olympics by launching cyberattacks against critical infrastructure after a Russian government-sponsored doping effort left Russian athletes unable to participate under the Russian flag.
_ Around April 2018, SandWorm undermined efforts to hold Russia accountable for its use of a weapons-grade nerve agent on foreign soil by launching spearphishing campaigns against international and government organizations investigating the poisoning of a former GRU officer and his daughter.
_ Around October 2019, SandWorm defaced approximately 15,000 websites in Georgia in a single cyberattack.