Security firm Mandiant designates Russian cyber attack group Sandworm as widespread threat 'APT44'

Mandiant, a security company under Google, has classified Sandworm, a cyber attack group believed to be operated by the Russian government, as an APT, or advanced persistent threat, and given it the name APT44.

Unearthing APT44: Russia's Notorious Cyber Sabotage Unit Sandworm | Google Cloud Blog

APT44: Unearthing Sandworm (PDF file)

'APT' stands for Advanced Persistent Threat, and refers both to attacks that use advanced techniques to pursue a chosen target over long periods, from months to years, and to the groups that carry out such attacks.

Sandworm has been conducting cyber attacks in support of Russia's invasion of Ukraine since February 2022, but it is known to have been launching cyber attacks against Ukraine and other countries before that.

The malware 'CrashOverRide' that caused the Ukraine blackout has the potential to disrupt the power grid and cause outages around the world - GIGAZINE

Because of this behavior, Sandworm had previously been described as an 'APT group,' but Mandiant has now formally designated it 'APT44.'

According to the report published by Mandiant, APT44 is believed to be part of the Main Intelligence Directorate of Russia (GRU), the intelligence unit of the General Staff, which also includes APT28. Based on the unit's insignia, APT44 is believed to have been founded in 2009.

APT44's activities can be broadly divided into three categories: ESPIONAGE, ATTACK, and INFLUENCE.

Its activities primarily reflect Russia's national interests and ambitions. It has launched cyber attacks on Ukraine in conjunction with the invasion of that country, but it has also been confirmed to be continuing espionage activities in North and South America, Europe, the Middle East, and Central Asia.

According to Mandiant, based on its track record, APT44 is likely viewed as a 'convenient pawn' by the Russian government's leadership.

Since the beginning of 2024, Russian cyber forces have reportedly taken over the water supply systems of several towns in Texas and the sewage control system of a village in Poland, and there are also reports that they were able to manipulate the water level at a hydroelectric power plant in France. However, Mandiant has not been able to confirm whether these attacks were carried out by APT44.

Hackers behind water cyberattacks in US, France, Poland have ties to Russian military: report

in Security, Posted by logc_nt