In this episode of The Cybersecurity Defenders Podcast, we discuss the GRU-backed cyber unit Sandworm which was recently promoted to APT44 by Mandiant.

Sandworm is a notorious hacking group, believed to be linked to Russia's military intelligence agency, the GRU. Known for its destructive cyberattacks, Sandworm has targeted various sectors worldwide, including energy, media, and election systems. Their activities are marked by the use of sophisticated malware and tactics that not only seek to steal information but also to disrupt critical infrastructure. The group gained international prominence with attacks like NotPetya in 2017, which caused billions of dollars in damage across multiple countries, emphasizing their capability to impact global cyber stability.

The name "Sandworm" is inspired by the monstrous creatures from Frank Herbert's science fiction novel "Dune," reflecting the group's elusive and destructive nature. Over the years, Sandworm's operations have evolved, showcasing their adaptability and the increasing complexity of their attacks. This evolution highlights the growing challenges in cybersecurity, making the understanding of such threat actors crucial for developing robust defense strategies against state-sponsored cyber warfare.

YouTube video showing Sandworm attacking a Ukrainian power plant here.

Episode #56 - When the lights went out in Ukraine (Part 1)

Episode #74 - When the lights went out in Ukraine (Part 2)

Episode #16 - NotPetya