Russian Sandworm cybercrime group linked to multiple attacks
Sandworm was behind NotPetya and the attacks on the 2018 Olympic Games
Google’s Threat Analysis Group (TAG), the company’s cybersecurity arm that focuses mostly on state-sponsored, espionage-oriented threat actors, has elevated Sandworm, an infamous Russian group, to Advanced Persistent Threat (APT) level, assigning it a new codename - APT44.
In a recent analysis of the group, TAG said APT44 has been a “flexible instrument of power capable of servicing Russia's wide ranging national interests”, and said it was pivotal in Russia’s war against Ukraine.
“Due to its history of aggressive use of network attack capabilities across political and military contexts, APT44 presents a persistent, high severity threat to governments and critical infrastructure operators globally where Russian national interests intersect,” the researchers said.
Working in Russia's interest
According to TAG, APT44 has been linked to multiple major attacks, including the first-of-their-kind disruptions of Ukraine’s energy grid in the winters of 2015 and 2016. The group was then linked to the global NotPetya attack, timed to coincide with Ukraine’s Constitution Day in 2017, as well as the disruption of the opening ceremony of the 2018 Pyeongchang Olympics. In that case APT44 attacked what is essentially a Russian ally, because some of Russia’s athletes had been banned for using banned substances.
While APT44 was initially tasked with disruption attacks, lately it has pivoted more towards espionage and intelligence gathering. For example, the group’s skills were used on the front line to exfiltrate communications from captured mobile devices.
“APT44 will almost certainly continue to present one of the widest and highest severity cyber threats globally,” the researchers concluded.
“As Russia’s war continues, we anticipate Ukraine will remain the principal focus of APT44 operations. However, as history indicates, the group’s readiness to conduct cyber operations in furtherance of the Kremlin’s wider strategic objectives globally is ingrained in its mandate.”
Changing Western political dynamics, upcoming elections, and domestic issues will continue reshaping APT44’s operations, Google TAG concluded.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.