Sandworm, also known as Unit 74455, is allegedly a Russian cybermilitary unit of the GRU, the organization in charge of Russian military intelligence. Other names, given by cybersecurity researchers, include Telebots, Voodoo Bear, and Iron Viking.
The team is believed to be behind the December 2015 Ukraine power grid cyberattack, the 2017 cyberattacks on Ukraine using the NotPetya malware, various interference efforts in the 2017 French presidential election, and the cyberattack on the 2018 Winter Olympics opening ceremony. Then-United States Attorney for the Western District of Pennsylvania Scott Brady described the group's cyber campaign as "representing the most destructive and costly cyber-attacks in history."
On October 19, 2020, a US grand jury returned an indictment charging six alleged Unit 74455 officers with cybercrimes. The officers, Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин), were each charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Five of the six were accused of overtly developing hacking tools, while Ochichenko was accused of participating in spearphishing attacks against the 2018 Winter Olympics and of conducting technical reconnaissance on, and attempting to hack, the official domain of the Parliament of Georgia.
In February 2022, Sandworm was alleged to be behind the Cyclops Blink malware, which is similar to VPNFilter. The malware allows a botnet to be constructed, and affects Asus routers and WatchGuard Firebox and XTM appliances. CISA issued a warning about this malware.
In late March 2022, human rights investigators and lawyers at the UC Berkeley School of Law sent a formal request to the Prosecutor of the International Criminal Court in The Hague, urging the ICC to consider war crimes charges against Russian hackers for cyberattacks against Ukraine. Sandworm was specifically named in relation to the December 2015 attacks on electrical utilities in western Ukraine and the 2016 attacks on utilities in Kyiv.
In April 2022, Sandworm attempted to cause a blackout in Ukraine. The attack is said to be the first in five years to use a variant of the Industroyer malware, in this case Industroyer2.
See also
*Cyberwarfare by Russia
*BlackEnergy
*Fancy Bear
External links
US Justice Department indictment