Google Cloud's Mandiant security group has identified Sandworm, also known as APT44, as Russia's primary cyberattack unit in Ukraine. Sandworm has been responsible for nearly all disruptive and destructive cyberattacks in Ukraine since Russia's invasion in February 2022, establishing itself as the main cyberattack unit within Russia's Main Intelligence Directorate (GRU).
The Bottom Line Upfront
Sandworm's activities have not been limited to Ukraine, as the threat group has continued to target organizations globally, including the US. The group's broad targeting remit and sophisticated tactics pose a significant risk to governments, critical infrastructure, and other organizations worldwide.
The Breakdown
Sandworm's activities highlight the increasing integration between cyber operations and military objectives. Organizations, especially those involved in software development and industrial control systems, must be aware of Sandworm's capabilities and tactics.