Sandworm

Also known as: IRIDIUM, Voodoo Bear, Seashell Blizzard, APT44

Overview

Russian GRU Unit 74455. Most destructive cyber threat actor globally. Responsible for NotPetya, Ukraine power grid attacks, and ongoing cyber operations against Ukrainian infrastructure.

MITRE ATT&CK Coverage

Recon

Res Dev

Init Access

Execution

Persistence

Priv Esc

Def Evasion

Cred Access

Discovery

Lat Move

Collection

Exfil

Impact

4 of 14 tactics observed

Raw TTPs

Destructive MalwareICS/SCADA AttacksWiper DeploymentSupply Chain CompromiseLiving-off-the-Land

Related Intelligence (1)

MEDIUMApt

Inside Department 4: Russia’s secret school for hackers

Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world's most notorious state-sponsored hacking groups. Read more in my article on the Hot for Security blog.

2h agoGraham Cluley