Sandworm

Threat Actor updated 22 days ago (2024-10-03T23:01:31.052Z)
Sandworm, also known as APT44, is a Russia-linked threat actor implicated in several major cyberattacks. The group has been particularly active against targets in Ukraine and Poland; one significant operation was the compromise of 11 Ukrainian telecommunications providers, which gave it the access needed to disrupt those networks extensively. Sandworm's activities form part of the broader pattern of cyberwarfare between Russia and Ukraine, in which other malware operators and cyberattack units also take part.

Beyond Eastern Europe, Sandworm has been linked to an attack on a wastewater treatment plant in the United States in April 2024. The group has shown a capacity for sophisticated, fileless attacks, as evidenced by its use of a previously unknown backdoor, Kapeka. These actions underscore its ability to execute complex operations and the threat it poses to infrastructure globally.

One of the most notable incidents tied to Sandworm was a power disruption in Ukraine carried out through an operational technology (OT) attack. The group is believed to have compromised a MicroSCADA server and used it to send commands to a substation's remote terminal units, triggering a power outage. The outage occurred just before a Russian missile barrage, suggesting coordination between cyber and kinetic operations. Sandworm therefore represents a significant cybersecurity threat, capable of causing substantial real-world damage.
Description last updated: 2024-10-03T22:17:36.404Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias, description, and votes:

APT28 is a possible alias for Sandworm (7 votes). APT28, also known as Fancy Bear, Forest Blizzard, and Unit 26165 of the Russian Main Intelligence Directorate, is a Russia-linked threat actor that has been active since at least 2007. This group has targeted governments, militaries, and security organizations worldwide with a particular focus on th

Industroyer is a possible alias for Sandworm (6 votes). Industroyer, also known as CrashOverride, is a potent malware specifically designed to target Industrial Control Systems (ICS) used in electrical substations. It first gained notoriety for its role in the 2016 cyberattack on Ukraine's power grid, which resulted in a six-hour blackout in Kyiv. The ma

Telebots is a possible alias for Sandworm (5 votes). TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize

GreyEnergy is a possible alias for Sandworm (5 votes). GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlaps

BlackEnergy is a possible alias for Sandworm (5 votes). BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a

Frozenbarents is a possible alias for Sandworm (4 votes). Frozenbarents, also known as Sandworm or Voodoo Bear, is a threat actor linked to Russia's GRU military intelligence agency. Noted for its versatility, the group has executed a variety of cyber-attacks against Ukraine and NATO countries, with a particular emphasis on critical infrastructure, utiliti

Prestige is a possible alias for Sandworm (4 votes). Prestige is a malicious software (malware) that has been linked to several disruptive cyberattacks. In October 2022, the malware was used in ransomware attacks against Ukrainian and Polish logistics companies. These attacks were attributed to Sandworm, an advanced persistent threat (APT) group belie

Apt44 is a possible alias for Sandworm (4 votes). APT44, also known as Sandworm, is a threat actor newly designated by Mandiant and associated with the Russian military intelligence hacking team. This group has been active since the start of 2023, conducting campaigns leveraging Sandworm malware, primarily targeting Ukraine, Eastern Europe, and inv

Voodoo Bear is a possible alias for Sandworm (4 votes). VOODOO BEAR, also known as Sandworm, Seashell Blizzard, and other names such as Iridium, Iron Viking, Telebots, and APT44, is a highly advanced threat actor with a suspected nexus to the Russian Federation. First identified in January 2018, this group has been active since 2000 and operates under th

Turla is a possible alias for Sandworm (4 votes). Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures (

Solntsepek is a possible alias for Sandworm (3 votes). Solntsepek is a notorious malware associated with the Russian state-sponsored threat actor, Seashell Blizzard, which is affiliated with the GRU. The group has been identified by Microsoft as one of the three hacktivist groups that regularly interact with Seashell Blizzard, alongside InfoCentr and th

Seashell Blizzard is a possible alias for Sandworm (3 votes). Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the

Cyberarmyofrussia_reborn is a possible alias for Sandworm (3 votes). CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen

Infamous Chisel is a possible alias for Sandworm (3 votes). Infamous Chisel is a malicious software (malware) that has been specifically designed to exploit and damage computer systems and devices. This malware operates covertly, infiltrating systems through suspicious downloads, emails, or websites without the user's knowledge. Once inside a system, Infamou

IRON VIKING is a possible alias for Sandworm (3 votes). Iron Viking, a threat actor group also known as Sandworm, Telebots, Voodoo Bear, and other names, has been active since 2000. This group operates under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Iron Viking is notorious for its destructive cyber-espi

Unc3810 is a possible alias for Sandworm (2 votes). UNC3810 is a malware identified and tracked by cybersecurity firm Mandiant, notorious for its deployment of CaddyWiper in October 2022. This malicious software is designed to exploit and damage computer systems, often infiltrating via suspicious downloads, emails, or websites. The threat actor, init

Hades is a possible alias for Sandworm (2 votes). Hades is a significant threat actor that has been active in the cybersecurity landscape, particularly associated with ransomware attacks. The group uses distinctive tactics and infrastructure, as noted by CTU researchers in June 2021. Hades ransomware operators have been observed using Advanced Port

Seashell Blizzard Iridium is a possible alias for Sandworm (2 votes). Seashell Blizzard Iridium, also known as Sandworm, is a threat actor reportedly comprised of Russian military intelligence officers. This group has been identified as distinct from other Advanced Persistent Threat (APT) groups associated with the Russian military intelligence GRU, such as Forest Bli

Volt Typhoon is a possible alias for Sandworm (2 votes). Volt Typhoon, a threat actor believed to be associated with the Beijing cyberespionage group and also known as Bronze Silhouette, has been implicated in numerous malicious campaigns. Known for their strong operational security and obfuscation techniques, they have demonstrated capabilities in reconn

Uac-0165 is a possible alias for Sandworm (2 votes). UAC-0165 is a malware reportedly linked to the Russia-affiliated Advanced Persistent Threat (APT) group known as Sandworm. This malicious software, designed to infiltrate and damage computer systems, has been identified as the tool used in a series of cyberattacks on Ukrainian telecommunications ser
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Wiper
Ransomware
Ukraine
State Sponso...
Russia
Exploit
Ics
Vulnerability
Espionage
russian
Kyivstar
Ukrainian
Android
Google
Microsoft
Windows
Spearphishing
Telegram
Linux
Eset
LOTL
Decoy
roundcube
WinRAR
Phishing
Mandiant
Backdoor
Botnet
Encryption
Implant
Blizzard
Exim
Payload
Infostealer
Zimbra
Analyst Notes & Discussion
Associated Malware
Alias, description, association type, and votes:

The CaddyWiper Malware is associated with Sandworm (association type: has used; 8 votes). CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malware families deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWi

The NotPetya Malware is associated with Sandworm (association type: Unspecified; 4 votes). NotPetya is a notorious malware that surfaced in 2017, causing significant global damage while primarily targeting Ukraine's infrastructure. Disguised as ransomware, it was different from other similar malicious programs like WannaCry, TeslaCrypt, and DarkSide because it was data destructive, posing

The Kapeka Malware is associated with Sandworm (association type: is related to; 4 votes). Kapeka is a previously unknown malware that operates as a backdoor into systems, linked to the Russian Sandworm Advanced Persistent Threat (APT) group. The malicious software can infiltrate a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, i

The Industroyer2 Malware is associated with Sandworm (association type: Unspecified; 4 votes). Industroyer2 is a sophisticated piece of malware designed to target Industrial Control Systems (ICS), developed and deployed by the Russian state-sponsored advanced persistent threat group, Sandworm. The group has been active since 2007 and used Industroyer2 in a significant attack against Ukraine's

The KONNI Malware is associated with Sandworm (association type: Unspecified; 3 votes). Konni is a malicious software (malware) linked to North Korea, specifically associated with the state-sponsored Kimsuky group. This advanced persistent threat (APT) has been active since at least 2021, focusing on high-profile targets such as the Russian Ministry of Foreign Affairs, the Russian Emba

The Nikowiper Malware is associated with Sandworm (association type: Unspecified; 3 votes). NikoWiper is a malicious software (malware) identified as a new data wiper attributed to Sandworm, a state-backed hacker group linked with Russia's Main Directorate of the General Staff of the Armed Forces (GRU). This malware, unique in its design compared to other strains, was used in an attack on

The Swiftslicer Malware is associated with Sandworm (association type: Unspecified; 3 votes). SwiftSlicer is a new wiper malware, written in Go, that was detected by security researchers on January 25th, 2023. This malicious software was designed to overwrite crucial files used by the Windows operating system, thereby causing significant disruption and damage to infected systems. The malware

The KillDisk Malware is associated with Sandworm (association type: Unspecified; 2 votes). KillDisk is a potent malware, initially designed to overwrite targeted files instead of encrypting them. First seen in action during December 2016, it disrupted recovery processes by erasing critical system and workstation files. The TeleBots group notably used KillDisk in the final stages of their

The Olympic Destroyer Malware is associated with Sandworm (association type: Unspecified; 2 votes). Olympic Destroyer is a notorious malware that was deployed by Sandworm, a cyber-espionage group, during the 2018 Pyeongchang Winter Olympics. The malware caused significant disruption to the event's IT infrastructure, including broadcasting, ticketing, various Olympics websites, and Wi-Fi at the hos

The Brute Ratel Malware is associated with Sandworm (association type: Unspecified; 2 votes). Brute Ratel is a malicious software (malware) that has been increasingly used by cyber threat actors to exploit and damage computer systems. It is often delivered through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, Brute Ratel can s

The Roarbat Malware is associated with Sandworm (association type: Unspecified; 2 votes). RoarBat is a malicious software (malware) employed by the Sandworm hacking group, known for its operations against Windows devices. The malware utilizes a BAT script to execute harmful activities, with evidence suggesting that it shares similarities with a cyber attack on Ukrinform, the Ukrainian na

The Cyclops Blink Malware is associated with Sandworm (association type: Unspecified; 2 votes). "Cyclops Blink" is a type of modular malware that emerged in 2019, designed to target network infrastructure. It was dubbed the "Son of VPNFilter" due to its similarities with the latter campaign. Specifically crafted to run on Linux systems, particularly those with 32-bit PowerPC architecture, Cycl

The Prestige Ransomware Malware is associated with Sandworm (association type: Unspecified; 2 votes). In October 2022, a new strain of ransomware known as Prestige was reported by Microsoft. This malware had not been observed by Microsoft prior to its deployment and was found targeting transportation and logistics organizations in Ukraine and Poland. Prestige ransomware infects systems through suspi

The Acidrain Malware is associated with Sandworm (association type: Unspecified; 2 votes). AcidRain is a malicious software, or malware, that was first described in March, following a cyberattack that disrupted approximately 10,000 satellite modems associated with communications provider Viasat's KA-SAT network. The malware was discovered by cybersecurity firm SentinelOne in February 2022

The Acidpour Malware is associated with Sandworm (association type: Unspecified; 2 votes). AcidPour is a newly identified malware variant that has been specifically designed to target Linux x86 devices. As a malicious software, AcidPour exploits and damages the targeted systems, potentially stealing personal information, disrupting operations, or holding data hostage for ransom. It infilt
Associated Threat Actors
Alias, description, association type, and votes:

The Sandworm Apt Threat Actor is associated with Sandworm (association type: Unspecified; 4 votes). Sandworm APT, a threat actor linked to Russia, has been identified as the malicious entity behind several significant cyber-attacks. The group is known for its sophisticated operations and evolving tactics, often targeting critical infrastructure and government entities. In one of its most disruptiv

The Sandworm Team Threat Actor is associated with Sandworm (association type: Unspecified; 3 votes). The Sandworm Team, a threat actor associated with Russia's military intelligence-linked group, has demonstrated significant capabilities in developing custom malware to target Operational Technology (OT) and Industrial Control Systems (ICSs). Since at least 2015, the team has used the "BlackEnergy"

The Sednit Threat Actor is associated with Sandworm (association type: Unspecified; 3 votes). Sednit, also known as APT28, Fancy Bear, Pawn Storm, Sofacy Group, BlueDelta, and Strontium, is a threat actor associated with Russia's military intelligence. The group has been active since at least 2007, primarily targeting governments, militaries, and security organizations worldwide. Notably, Se

The Gamaredon Threat Actor is associated with Sandworm (association type: Unspecified; 3 votes). Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as one of the most active threat actors in Ukraine, particularly since Russia's invasion of Ukraine in 2022. The group has been known to employ a variety of tools and techniques for cyberespionage, including downloaders

The Cozy Bear Threat Actor is associated with Sandworm (association type: Unspecified; 2 votes). Cozy Bear, also known as APT29 and associated with names like Midnight Blizzard, Nobelium, and The Dukes, is a threat actor believed to be linked with the Russian state. This group has been involved in numerous cyber espionage activities, demonstrating proficiency across multiple operating systems a

The Dukes Threat Actor is associated with Sandworm (association type: Unspecified; 2 votes). The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and Nobelium, is a threat actor associated with the Russian government that has been active since at least 2008. Notably, this group was implicated in the 2015 attack on the American Democratic National Committee (DNC). The FBI alerted th

The APT29 Threat Actor is associated with Sandworm (association type: Unspecified; 2 votes). APT29, also known as Cozy Bear, Midnight Blizzard, Nobelium, and the Dukes, is a Russia-linked threat actor associated with SVR. This group is notorious for its sophisticated cyber espionage tactics, techniques, and procedures. APT29 often uses The Onion Router (TOR) network, leased and compromised

The APT40 Threat Actor is associated with Sandworm (association type: Unspecified; 2 votes). APT40, a Chinese cyber espionage group suspected to be affiliated with China's Ministry of State Security, has been actively conducting cyberespionage campaigns against government and private organizations in multiple countries. This threat actor typically targets nations strategically significant t

The Frozenlake Threat Actor is associated with Sandworm (association type: Unspecified; 2 votes). Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vuln
Associated Vulnerabilities
Alias, description, association type, and votes:

The CVE-2023-38831 Vulnerability is associated with Sandworm (association type: Unspecified; 4 votes). CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil

The CVE-2014-4114 Vulnerability is associated with Sandworm (association type: is related to; 2 votes). CVE-2014-4114 is a significant vulnerability that lies within the design or implementation of software. This flaw specifically targets the Microsoft Windows OLE Package Manager, enabling remote code execution. The exploit was primarily used in .pps files, which are PowerPoint presentation files, mak
Source Document References
Information about the Sandworm threat actor was read from the documents in the corpus below. This display is limited to 20 results.

Source and creation date:
DARKReading (22 days ago)
BankInfoSecurity (a month ago)
InfoSecurity-magazine (2 months ago)
DARKReading (2 months ago)
Securityaffairs (2 months ago)
Securityaffairs (3 months ago)
BankInfoSecurity (10 months ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
CERT-EU (8 months ago)
CERT-EU (8 months ago)
InfoSecurity-magazine (6 months ago)
DARKReading (3 months ago)
Securityaffairs (3 months ago)
Securityaffairs (3 months ago)
InfoSecurity-magazine (3 months ago)
Securityaffairs (3 months ago)
BankInfoSecurity (3 months ago)
Recorded Future (4 months ago)
Securityaffairs (4 months ago)