Sandworm (hacker group)

From Wikipedia, the free encyclopedia
Sandworm Team
Formation: c. 2004–2007[1]
Type: Advanced persistent threat
Purpose: Cyberespionage, cyberwarfare
Headquarters: 22 Kirova Street
Region: Russia
Methods: Zero-days, spearphishing, malware
Official language: Russian
Parent organization: GRU
Affiliations: Fancy Bear/Unit 26165
Formerly called: Voodoo Bear, Sandworm, Iron Viking, Telebots

Sandworm, also known as Unit 74455, is allegedly a Russian cybermilitary unit of the GRU, the organization in charge of Russian military intelligence.[1] Other names, given by cybersecurity researchers, include Telebots, Voodoo Bear, and Iron Viking.[2]

The team is believed to be behind the December 2015 Ukraine power grid cyberattack,[3][4][5] the 2017 cyberattacks on Ukraine using the Petya malware,[6] various interference efforts in the 2017 French presidential election,[2] and the cyberattack on the 2018 Winter Olympics opening ceremony.[7][8] Then-United States Attorney for the Western District of Pennsylvania Scott Brady described the group's cyber campaign as "representing the most destructive and costly cyber-attacks in history."[2]

On October 19, 2020, a US-based grand jury released an indictment charging six alleged Unit 74455 officers with cybercrimes.[9][10][11] The officers, Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин), were all individually charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Five of the six were accused of overtly developing hacking tools, while Ochichenko was accused of participating in spearphishing attacks against the 2018 Winter Olympics and conducting technical reconnaissance on and attempting to hack the official domain of the Parliament of Georgia.[2]

References

  1. Greenberg, Andy (2019). Sandworm: a new era of cyberwar and the hunt for the Kremlin's most dangerous hackers. Knopf Doubleday. ISBN 978-0-385-54441-2.
  2. "Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace". DOJ Office of Public Affairs. United States Department of Justice. October 19, 2020. Retrieved July 23, 2021.
  3. "Hackers shut down Ukraine power grid". www.ft.com. 5 January 2016. Retrieved 2020-10-28.
  4. Volz, Dustin (25 February 2016). "U.S. government concludes cyber attack caused Ukraine power outage". Reuters. Retrieved 2020-10-28.
  5. Hern, Alex (7 January 2016). "Ukrainian blackout caused by hackers that attacked media company, researchers say". The Guardian. ISSN 0261-3077. Retrieved 2020-10-28.
  6. "The Untold Story of NotPetya, the Most Devastating Cyberattack in History". Wired. ISSN 1059-1028. Retrieved 2020-10-28.
  7. Greenberg, Andy. "Inside Olympic Destroyer, the Most Deceptive Hack in History". Wired. ISSN 1059-1028. Retrieved 2020-10-28.
  8. Andrew S. Bowen (November 24, 2020). Russian Military Intelligence: Background and Issues for Congress (PDF) (Report). Congressional Research Service. p. 16. Retrieved July 21, 2021.
  9. Cimpanu, Catalin. "US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks". ZDNet. Retrieved 2020-10-28.
  10. "Russian cyber-attack spree shows what unrestrained internet warfare looks like". The Guardian. 19 October 2020. Retrieved 2020-10-28.
  11. "US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit". Wired. ISSN 1059-1028. Retrieved 2020-10-28.