Sandworm Team
MITRE: G0034

Sandworm Team is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455. This group has been active since at least 2009.

In October 2020, the US indicted six GRU Unit 74455 officers associated with Sandworm Team for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide NotPetya attack, targeting of the 2017 French presidential campaign, the 2018 Olympic Destroyer attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019. Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as APT28.
Alternate names
ELECTRUM, Telebots, IRON VIKING, BlackEnergy (Group), Quedagh, Voodoo Bear, IRIDIUM, Seashell Blizzard, FROZENBARENTS
Sandworm is an APT group that has been active since at least 2014 and is believed to be associated with Russian military intelligence (GRU). The group is responsible for several high-profile attacks, including the NotPetya ransomware attack in June 2017, which caused widespread damage across Europe. Sandworm has also been linked to other attacks such as BlackEnergy3 and Grizzly Steppe. The group is known for its advanced tactics, sophisticated malware, and ability to evade detection by security software, and is considered a threat to critical infrastructure and government organizations around the world.
Techniques, tactics and practices:
Sandworm is an advanced persistent threat group that has been active since at least 2014. It has used a variety of techniques to carry out its attacks, including spear-phishing emails and watering hole attacks for initial access. The group is known for using sophisticated malware such as BlackEnergy3 and Grizzly Steppe, which are designed to evade detection by security software, and has been linked to the NotPetya ransomware attack of June 2017, which caused widespread damage across Europe. Because of these advanced tactics and evasion capabilities, Sandworm is considered a threat to critical infrastructure and government organizations around the world.