CyberSecurityBoard
Sponsor Register Login

Sandworm Team

Sandworm Team is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455. This group has been active since at least 2009.In October 2020, the US indicted six GRU Unit 74455 officers associated with Sandworm Team for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide NotPetya attack, targeting of the 2017 French presidential campaign, the 2018 Olympic Destroyer attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019. Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as APT28.

This Cyber News was published on attack.mitre.org. Publication date: Thu, 07 Dec 2023 22:12:07 +0000


Cyber News related to Sandworm Team

CVE-2024-58071 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
Emulating the Sabotage-Focused Russian Adversary Sandworm- Part 2 - Adversary Emulation PublishedJuly 3, 2024 AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the highly sophisticated Russian adversary Sandworm during various destructive activities against targets in Ukraine and ...
1 year ago Securityboulevard.com
Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
2 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian
Russian Sandworm hackers breached 11 Ukrainian telcos since May - The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023. That is based on a new report by Ukraine's Computer Emergency Response Team citing ...
1 year ago Bleepingcomputer.com
Ukraine Blames Russian Sandworm Hackers for Kyivstar Attack - Ukraine's security service has attributed the cyber-attack on mobile operator Kyivstar to Russian hacking group Sandworm. Kyivstar is Ukraine's largest mobile network carrier, the cyber-attack rendered internet access and mobile communications ...
1 year ago Infosecurity-magazine.com
Russian Sandworm Group Using Novel Backdoor to Target Ukraine - Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ...
1 year ago Infosecurity-magazine.com
Beyond Protocols: How Team Camaraderie Fortifies Security - When we think about the many different tasks a security team must complete, many of them are challenging and time consuming, to say the least. Logic would dictate that if the security team is of high quality and its members enjoy working with one ...
1 year ago Securityweek.com
How to build a cyber incident response team - As an incident response manager himself, Valentin regularly coordinates security responses for companies of all shapes and sizes - including many of the examples discussed in this post. He explains everything you need to know about building and ...
1 year ago Heimdalsecurity.com
New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector - The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The NikoWiper is based on SDelete, a command line utility from ...
2 years ago Thehackernews.com APT29
Meet the new CloudGuard: Risk Management in Action - Security teams need to plan the measures taken to reduce the harmful effects of a CVE, to ensure that the applications they are managing remain secure while business availability is not affected, and developers can continue with their day-to-day ...
1 year ago Blog.checkpoint.com
Sandworm APT targets Ukraine with new SwiftSlicer wiper - Russia-linked Sandworm APT group is behind a new Golang-based wiper, tracked as SwiftSlicer, that hit Ukraine, ESET reports. Researchers from ESET discovered a new Golang-based wiper, dubbed SwiftSlicer, that was used in attacks aimed at Ukraine. The ...
2 years ago Securityaffairs.com
Russia's Sandworm blamed for Kyivstar telecom cyberattack The Register - Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar. The attack also reportedly disrupted the air raid alert ...
1 year ago Go.theregister.com Hunters
Failing Upwards: Put on your own mask before assisting others - From poor leaders, I've learned what doesn't work: breaking the team's trust, operating without transparency, employing a destructive and unempathetic approach, micromanaging, and setting people up for failure. In contrast to the negative leadership ...
1 year ago Blog.zsec.uk
Do More with Security Orchestration, Automation, and Response - Today, security operations center teams face dual challenges of acquiring both the right caliber and quantity of staff. With this gap, it's important for SOC teams to consider security, orchestration, automation and response solutions to automate ...
1 year ago Securityboulevard.com
10 Best Free Blue Team Tools in 2025 - IT security experts utilize blue team tools to protect against simulated cyber threats launched by the “red team” to improve cybersecurity and penetration testing procedures. Sigma is a blue team tool for creating and using signatures ...
4 months ago Cybersecuritynews.com
SBU Cybersecurity Chief Exposes Persistent Hacker Presence in Kyivstar - An attack on Kyivstar, a telco company that has some 24 million users in Ukraine, appears to have been carried out by Russia's Sandworm crew last month. Approximately 24 million users' services were disrupted for a period of several days beginning on ...
1 year ago Cysecurity.news
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - Microsoft, which tracks the group as "Seashell Blizzard," has identified a subgroup within 74455 focused solely on gaining initial access to high-value organizations across major industries and geographic regions. Sandworm has targeted ...
5 months ago Darkreading.com CVE-2023-48788 CVE-2024-1709
Sandworm Team - Sandworm Team is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455. This group has been active since at least 2009.In ...
1 year ago Attack.mitre.org APT28 Sandworm Team
3 ways to reduce stress on the DevSecOps team - My session focused on the stresses and burnout experienced by security teams, including recent data showing that 94% of chief information security officers suffer from work-related stress, and 65% admit their stress levels compromise their ability to ...
1 year ago Infoworld.com
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-40477 APT28
The Most Dangerous People on the Internet in 2023 - It was a banner year for chaos, present and impending, and all reflected in the digital mirror. Each year, WIRED assembles a list of the most dangerous people, groups, and organizations on the internet-both those who intentionally endanger innocent ...
1 year ago Wired.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
How Denmark nulled record attacks on critical infrastructure The Register - Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit. Detailing the attack waves in a report, it revealed that ...
1 year ago Theregister.com CVE-2023-28771 Silence
Ukraine Sandworm Hackers Strike News Agency with Five Data Wiping Malware - One of the most dreaded groups of hackers, Ukraine Sandworm, is reportedly attacking news agencies with five data wiping malware tools. This group of cybercriminals is known for its sophisticated and destructive techniques, but this is the first time ...
2 years ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)