Sandworm (hacker group)

Sandworm
Formation: c. 2004–2007[1]
Type: Advanced persistent threat
Purpose: Cyberespionage, cyberwarfare
Headquarters: 22 Kirova Street, Khimki, Russia
Region: Russia
Methods: Zero-days, spearphishing, malware
Official language: Russian
Parent organization: GRU
Affiliations: Fancy Bear
Formerly called: Voodoo Bear[1], Iron Viking[2], Telebots[2]

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service.[3] Other names for the group, given by cybersecurity researchers, include APT44,[4] Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard,[5] and Iron Viking.[6][7][8]

The team is believed to be behind the December 2015 Ukraine power grid cyberattack,[9][10][11] the 2017 cyberattacks on Ukraine using the NotPetya malware,[12] various interference efforts in the 2017 French presidential election,[6] and the cyberattack on the 2018 Winter Olympics opening ceremony.[13][14] Then-United States Attorney for the Western District of Pennsylvania Scott Brady described the group's cyber campaign as "representing the most destructive and costly cyber-attacks in history."[6]

  1. Adam Meyers (29 January 2018). "VOODOO BEAR | Threat Actor Profile | CrowdStrike". CrowdStrike.
  2. "UK exposes series of Russian cyber attacks against Olympic and Paralympic Games". National Cyber Security Centre. 19 October 2020.
  3. Greenberg, Andy (2019). Sandworm: a new era of cyberwar and the hunt for the Kremlin's most dangerous hackers. Knopf Doubleday. ISBN 978-0-385-54441-2.
  4. "APT44: Unearthing Sandworm" (PDF). Retrieved 12 September 2024.
  5. "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
  6. "Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace". DOJ Office of Public Affairs. United States Department of Justice. 19 October 2020. Retrieved 23 July 2021.
  7. Timberg, Craig; Nakashima, Ellen; Munzinger, Hannes; Tanriverdi, Hakan (30 March 2023). "Secret trove offers rare look into Russian cyberwar ambitions". The Washington Post. Retrieved 31 March 2023.
  8. "Russia's FSB malign activity: factsheet: Cyber operations and the Russian intelligence services". National Cyber Security Centre (NCSC) and Foreign, Commonwealth and Development Office. 7 December 2023. Archived from the original on 8 December 2023. Retrieved 18 October 2024.
  9. "Hackers shut down Ukraine power grid". www.ft.com. 5 January 2016. Retrieved 28 October 2020.
  10. Volz, Dustin (25 February 2016). "U.S. government concludes cyber attack caused Ukraine power outage". Reuters. Retrieved 28 October 2020.
  11. Hern, Alex (7 January 2016). "Ukrainian blackout caused by hackers that attacked media company, researchers say". The Guardian. ISSN 0261-3077. Retrieved 28 October 2020.
  12. "The Untold Story of NotPetya, the Most Devastating Cyberattack in History". Wired. ISSN 1059-1028. Retrieved 28 October 2020.
  13. Greenberg, Andy. "Inside Olympic Destroyer, the Most Deceptive Hack in History". Wired. ISSN 1059-1028. Retrieved 28 October 2020.
  14. Andrew S. Bowen (24 November 2020). Russian Military Intelligence: Background and Issues for Congress (PDF) (Report). Congressional Research Service. p. 16. Retrieved 21 July 2021.