Unit 74455

Sandworm, also known as Unit 74455, is allegedly a Russian cybermilitary unit of the GRU, the organization in charge of Russian military intelligence. Other names, given by cybersecurity researchers, include Telebots, Voodoo Bear, and Iron Viking.

The team is believed to be behind the December 2015 Ukraine power grid cyberattack, the 2017 cyberattacks on Ukraine using the NotPetya malware, various interference efforts in the 2017 French presidential election, and the cyberattack on the 2018 Winter Olympics opening ceremony. Then-United States Attorney for the Western District of Pennsylvania Scott Brady described the group's cyber campaign as "representing the most destructive and costly cyber-attacks in history."

On October 19, 2020, a US-based grand jury released an indictment charging six alleged Unit 74455 officers with cybercrimes. The officers, Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин), were all individually charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Five of the six were accused of overtly developing hacking tools, while Ochichenko was accused of participating in spearphishing attacks against the 2018 Winter Olympics and conducting technical reconnaissance on and attempting to hack the official domain of the Parliament of Georgia.

In February 2022, Sandworm allegedly released the Cyclops Blink malware. The malware is similar to VPNFilter. It allows a botnet to be constructed, and affects Asus routers and WatchGuard Firebox and XTM appliances. CISA issued a warning about this malware.

In late March 2022, human rights investigators and lawyers in the UC Berkeley School of Law sent a formal request to the Prosecutor of the International Criminal Court in The Hague. They urged the International Criminal Court to consider war crimes charges against Russian hackers for cyberattacks against Ukraine. Sandworm was specifically named in relation to the December 2015 attacks on electrical utilities in western Ukraine and the 2016 attacks on utilities in Kyiv.

In April 2022, Sandworm attempted a blackout in Ukraine. It is said to be the first attack in five years to use an Industroyer malware variant called Industroyer2.


See also

* Cyberwarfare by Russia
* BlackEnergy
* Fancy Bear


External links


US Justice Department indictment