Sandworm
Russia-attributed threat group operated by GRU Unit 74455. Responsible for the most destructive cyberattacks on record including the 2015 and 2016 Ukrainian power grid attacks, NotPetya, and attacks on the 2018 Winter Olympics.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High
≥ 3 Moderate
< 3 Low
Attribution signals
8 mentions · 2 sources
"The group is commonly attributed to Unit 74455 of the Russian Main Intelligence Directorate (GRU)."
"ESET Research has now found that the attack was the work of the notorious Russia-aligned APT group Sandworm."
"captured multiple malicious samples from APT-C-13 (Sandworm) organization conducting targeted attacks"
"which we attribute to Sandworm with high confidence"
"Some have graduated and joined both Fancy Bear and the notorious Sandworm group, which has been linked to attacks on Ukraine's power grid, the Winter Olympics, and the NotPetya malware that caused billions of damage around the world"
"Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed"
"We attribute DynoWiper to Sandworm with medium confidence"
Hedge terms observed