Sandworm Team

Sandworm, also known as Unit 74455, is allegedly a Russian cybermilitary unit of the GRU, the organization in charge of Russian military intelligence. Other names, given by cybersecurity researchers, include Telebots, Voodoo Bear, and Iron Viking. The team is believed to be behind the December 2015 Ukraine power grid cyberattack, the 2017 cyberattacks on Ukraine using the NotPetya malware, various interference efforts in the 2017 French presidential election, and the cyberattack on the 2018 Winter Olympics opening ceremony. Then-United States Attorney for the Western District of Pennsylvania Scott Brady described the group's cyber campaign as "representing the most destructive and costly cyber-attacks in history."

On October 19, 2020, a US-based grand jury released an indictment charging six alleged Unit 74455 officers with cybercrimes. The officers, Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин), were each charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Five of the six were accused of overtly developing hacking tools, while Ochichenko was accused of participating in spearphishing attacks against the 2018 Winter Olympics and of conducting technical reconnaissance on, and attempting to hack, the official domain of the Parliament of Georgia.

In February 2022, Sandworm allegedly released the Cyclops Blink malware. The malware is similar to VPNFilter. It allows a botnet to be constructed, and affects Asus routers and WatchGuard Firebox and XTM appliances. CISA issued a warning about this malware.

In late March 2022, human rights investigators and lawyers at the UC Berkeley School of Law sent a formal request to the Prosecutor of the International Criminal Court in The Hague. They urged the International Criminal Court to consider war crimes charges against Russian hackers for cyberattacks against Ukraine. Sandworm was specifically named in relation to the December 2015 attacks on electrical utilities in western Ukraine and the 2016 attacks on utilities in Kyiv.

In April 2022, Sandworm attempted a blackout in Ukraine. It is said to be the first attack in five years to use an Industroyer malware variant, called Industroyer2.


See also

* Cyberwarfare by Russia
* BlackEnergy
* Fancy Bear


External links


US Justice Department indictment