Apt44

Threat Actor updated 14 days ago (2024-10-03T23:01:17.515Z)
APT44, better known as Sandworm, is the name Mandiant assigned in 2024 to the threat actor it attributes to Unit 74455 of Russia's military intelligence service (GRU). Sandworm has been active since at least 2009 and has been tracked under that name since 2014; the activity summarized here covers campaigns observed from 2023 onward, conducted with Sandworm's own malware and aimed primarily at Ukraine, Eastern Europe, and investigative journalists. The operators are assessed to direct and influence the CyberArmyofRussia_Reborn persona across multiple platforms, which makes them a central player in the cyber dimension of the war between Russia and Ukraine.

Between December 2023 and January 2024, APT44 reportedly targeted investigative journalists, including the Netherlands-based group Bellingcat. In March 2024, the group conducted a broad intrusion campaign against Ukrainian critical infrastructure, targeting about 20 sites with the aim of amplifying the effect of Russian missile strikes; the activity was attributed to APT44 on the basis of the QUEUESEED and GOSSIPFLOW malware used. Initial access came from exploiting remote code execution vulnerabilities in third-party software, helped along by inadequate network segmentation at the victims and weak security practices at their suppliers. On April 17, 2024, Mandiant formally graduated Sandworm to a named Advanced Persistent Threat group, APT44.

As a dedicated cyber unit within Russian military intelligence, Sandworm serves Russia's wide-ranging national interests, including efforts to undermine democratic processes worldwide, and should be treated as a global, high-capability threat.
Description last updated: 2024-10-03T22:17:38.730Z
Possible Aliases / Cluster overlaps
Vendors use differing naming conventions, so cluster overlaps are hard to track; the following names and profiles may overlap with this one.
Sandworm (4 votes): a possible alias for Apt44. Sandworm, also known as APT44, is a Russia-linked threat actor that has been implicated in several major cyberattacks. This group has been particularly active against targets in Ukraine and Poland, with significant operations including the compromise of 11 Ukrainian telecommunications providers, whi

CyberArmyofRussia_Reborn (2 votes): a possible alias for Apt44. CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's military intelligence directorate. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
Russia
Malware
Mandiant
Associated Threat Actors
APT28 (association type: Unspecified; 2 votes): the APT28 threat actor is associated with Apt44. APT28, also known as Fancy Bear, Forest Blizzard, and Unit 26165 of the Russian Main Intelligence Directorate, is a Russia-linked threat actor that has been active since at least 2007. This group has targeted governments, militaries, and security organizations worldwide with a particular focus on th