The Russian-backed threat actor known as Sandworm has become such a prominent ally of the Kremlin in the Ukraine war that Mandiant has decided to graduate the group into a named Advanced Persistent Threat (APT) group, APT44.
In a new report, the Google-owned cybersecurity firm revealed that Sandworm has been responsible for almost all the disruptive and destructive operations against Ukraine over the past decade.
Since the outbreak of the war in Ukraine, Sandworm has operated as an umbrella organization for a spectrum of different cyber operations targeting Ukraine and its allies, from influence operations and so-called hacktivist-led disruptive attacks to destructive attacks.
Mandiant also assessed with high confidence that Sandworm’s operations were closely coordinated with the Kremlin to help the Russian military gain a wartime advantage.
A Nebulous Group with Close Ties to the Kremlin
Sandworm is a nebulous Russian-backed cyber threat group whose malicious activity was first detected in 2014 but could date from the 2000s.
The group, which has been given several names over the years, such as Voodoo Bear, Iridium, Seashell Blizzard, Iron Viking, Telebots, and now APT44, is believed to be run by Military Unit 74455, a cyber warfare unit of the Russian military intelligence service (GRU).
This highly skilled cyber-malicious group is allegedly responsible for wide-scale cyber-attacks like the December 2015 Ukraine power grid hack and the 2017 cyberattacks on Ukraine using the NotPetya malware.
No tags.
