Sandworm
Sandworm is a known hacking group, also known by the alternative name APT24.
Sandworm is an advanced persistent threat (APT) that was discovered in 2014 and has been linked to Russian state-sponsored hacking groups, such as Fancy Bear or APT28. It targets a wide range of industries, including energy, nuclear, pharmaceutical, and chemical companies. Sandworm is known for its sophisticated techniques in stealing sensitive information from targeted organizations through spear-phishing emails, malware attacks, and other methods. The group has been linked to several high-profile cyberattacks, including the 2017 WannaCry ransomware attack that affected over 300,000 computers worldwide.
Techniques, tactics and practices:
Sandworm is a highly sophisticated group that uses various techniques to gain access to sensitive information from targeted organizations. Some of their common methods include spear-phishing emails, malware attacks, and exploiting vulnerabilities in software or systems. They also use social engineering tactics such as impersonating legitimate companies or individuals to trick victims into opening infected attachments or clicking on links that lead to compromised websites. Additionally, they have been known to utilize zero-day exploits, which target security flaws that are still unknown and that attackers can use before the software vendor releases a patch. Overall, Sandworm is an advanced and persistent threat group with extensive resources and expertise in cyber espionage activities.
Alternate Group Names
APT44, Blue Echidna, ELECTRUM, FROZENBARENTS, G0034, IRIDIUM, IRON VIKING, Quedagh, Seashell Blizzard, TEMP.Noble, TeleBots, UAC-0082, UAC-0113, VOODOO BEAR