Tag: SandWorm

Sandworm

A BRIEF SNAPSHOT OF SANDWORM THREAT ACTOR

SandWorm is a destructive Russian threat group that has been attributed to Russian GRU Unit 74455 by the U.S. Department of Justice and U.K. National Cyber Security Centre. Sandworm Team has been active since at least 2009.

The tactics employed in SandWorm’s campaigns align with GRU’s philosophy of leveraging aggressive and sometimes destructive cyberattacks. The charges filed against SandWorm represent not only the first criminal charges against SandWorm for its most destructive attacks but the first time that most of the charged threat actors have been publicly identified as members of the cybercriminal group. They also represent SandWorm’s first global law enforcement reaction to their deployment of the NotPetya malware, which crippled networks worldwide.

According to the Government Communications Headquarters (GCHQ), Russia is assessed as a highly competent threat actor with demonstrated potential to carry out operations that have a myriad of impacts across any industry. Russia has been carrying out disruptive cyber activities to establish itself forcefully in various ways, including seeking to disrupt other countries’ elections. For example, it has been widely reported that Russian state-associated groups were behind the “hack and leak” cyberattack, which aimed to breach French political party members’ accounts in the run-up to the 2017 French elections.

The United Kingdom’s Secret Intelligence Service (SIS) reported that this activity “comes to the very muddy nexus between business and corruption and state power in Russia.” GCHQ also stated a “considerable balance of intelligence now which shows the links between serious and organized crime groups and Russian state activity.”

NOTABLE CAMPAIGNS ATTRIBUTED TO SANDWORM

_Around December 2015 and December 2016, SandWorm attempted to destabilize Ukraine by launching cyberattacks against companies that support the country’s electric infrastructure, disrupting the supply of electricity to more than 225,000 Ukrainian customers.

_ SandWorm launched spearphishing campaigns targeting local government entities, political parties, and campaigns in France, including those connected with French President Emmanuel Macron’s presidential campaign.

_ Around June 2017, SandWorm launched its “NotPetya” malware campaign, causing hundreds of victim organizations worldwide to lose one billion dollars collectively.

_ SandWorm retaliated against the 2018 Winter Olympics by launching cyberattacks against critical infrastructure after a Russian government-sponsored doping effort led to Russian athletes being unable to participate under the Russian flag.

Around April 2018, SandWorm undermined efforts to hold Russia accountable for its use of a weapons-grade nerve agent on foreign soil by launching spearphishing campaigns against international and government organizations investigating the poisoning of a former GRU officer and his daughter.

_ SandWorm defaced approximately 15,000 websites in Georgia by launching a cyberattack around October 2019.

Please enter CoinGecko Free Api Key to get this plugin works.