Alias Description | Votes |
---|---|
APT28 is a possible alias for Sandworm, although most vendors track it as a separate GRU unit (Unit 26165) rather than Sandworm's Unit 74455. APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM (now Forest Blizzard), is a threat actor linked to Russian military intelligence. The group has been associated with cyber espionage campaigns across Central Asia and has historically targeted areas of national security, military operations, and geopolitical influ | 7 |
Industroyer is a possible alias for Sandworm; it is a malware family attributed to the group rather than a group name. Industroyer, also known as CrashOverride, is malware built specifically to attack Industrial Control Systems (ICS) in electrical substations, with modules that speak grid protocols such as IEC 60870-5-101/104 and IEC 61850. It first gained notoriety for its role in the December 2016 cyberattack on Ukraine's power grid, which cut power to part of Kyiv for roughly an hour. The ma | 6 |
BlackEnergy is a possible alias for Sandworm; it is the malware toolkit from which the group's early tracking names derive. BlackEnergy began as a DDoS bot in 2007 and was later used by both criminal and Advanced Persistent Threat (APT) actors. Its destructive potential was demonstrated in Ukraine, where it was used for cyber-espionage, compromising industrial control system networks, and launching attacks a | 5 |
Telebots is a possible alias for Sandworm. TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize | 5 |
GreyEnergy is a possible alias for Sandworm; it is a malware family, documented by ESET in October 2018 as the successor to BlackEnergy. It was used in espionage-focused intrusions against energy-sector organizations in Ukraine and Poland from around 2015, with no publicly confirmed grid-disrupting attack attributed to it. Security firm WithSecure has identified overlaps | 5 |
Apt44 is a possible alias for Sandworm. APT44 is the designation Mandiant assigned to Sandworm in April 2024 when it graduated the cluster to a named APT; it refers to the same long-running Russian military intelligence unit, not a group that first appeared in 2023. Mandiant's reporting highlights the group's wartime campaigns, primarily targeting Ukraine and Eastern Europe, and inv | 5 |
Prestige is a possible alias for Sandworm; it is a ransomware family rather than a group name. In October 2022, Prestige was used in attacks against transportation and logistics organizations in Ukraine and Poland, which Microsoft attributed to Sandworm (then tracked as IRIDIUM, now Seashell Blizzard), an advanced persistent threat (APT) group belie | 4 |
Frozenbarents is a possible alias for Sandworm. Frozenbarents, also known as Sandworm or Voodoo Bear, is a threat actor linked to Russia's GRU military intelligence agency. Noted for its versatility, the group has executed a variety of cyber-attacks against Ukraine and NATO countries, with a particular emphasis on critical infrastructure, utiliti | 4 |
NotPetya is a possible alias for Sandworm; it is the malware from the June 2017 attack rather than a group name. NotPetya is a destructive malware that posed as ransomware and caused significant global damage in 2017. Despite its ransomware appearance, NotPetya was not designed to extort money but to destroy data and disrupt operations; it was seeded through a trojanized update of the Ukrainian accounting software M.E.Doc and spread laterally with stolen credentials and the EternalBlue exploit, hitting Ukraine's infrastructure hardest. NotPetya was attr | 4 |
Voodoo Bear is a possible alias for Sandworm. VOODOO BEAR, also known as Sandworm, Seashell Blizzard, and other names such as Iridium, Iron Viking, Telebots, and APT44, is a highly advanced threat actor with a suspected nexus to the Russian Federation. First identified in January 2018, this group has been active since 2000 and operates under th | 4 |
Turla is a possible alias for Sandworm, although Turla is generally attributed to Russia's FSB (Center 16), a different agency from the GRU unit behind Sandworm. Turla is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures ( | 4 |
IRON VIKING is a possible alias for Sandworm. Iron Viking, a threat actor group also known as Sandworm, Telebots, Voodoo Bear, and other names, has been active since 2000. This group operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). Iron Viking is notorious for its destructive cyber-espi | 3 |
Seashell Blizzard is a possible alias for Sandworm. Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the | 3 |
Infamous Chisel is a possible alias for Sandworm; it is an Android malware set rather than a group name. Infamous Chisel is a collection of components that target Android devices used by the Ukrainian military, providing persistent access and exfiltration of files and device information; the Five Eyes agencies attributed it to Sandworm in August 2023. Once inside a system, Infamou | 3 |
Cyberarmyofrussia_reborn is a possible alias for Sandworm. CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen | 3 |
Solntsepek is a possible alias for Sandworm. Solntsepek is a hacktivist persona operating a Telegram channel, not a malware family; Microsoft associates it with Seashell Blizzard (Sandworm), the GRU-affiliated group, and Ukraine's SBU linked the December 2023 attack on the telecom operator Kyivstar, which Solntsepek claimed, to Sandworm. Microsoft lists it as one of the three hacktivist groups that regularly interact with Seashell Blizzard, alongside InfoCentr and th | 3 |
Hades is a possible alias for Sandworm. The likely source of this alias is Kaspersky's use of the name Hades for the actor behind Olympic Destroyer; the Hades ransomware described here is a different, financially motivated operation that Secureworks CTU tracks as GOLD WINTER. CTU researchers noted in June 2021 that Hades ransomware operators use distinctive tactics and infrastructure, including Advanced Port | 2 |
Uac-0165 is a possible alias for Sandworm. UAC-0165 is a CERT-UA activity-cluster designation, not a piece of malware; CERT-UA links the cluster to Sandworm and has tied it to a series of destructive attacks on Ukrainian telecommunications ser | 2 |
Unc3810 is a possible alias for Sandworm. UNC3810 is an uncategorized threat cluster tracked by Mandiant rather than a malware family; Mandiant reported it deploying the CaddyWiper data wiper in October 2022. The threat actor, init | 2 |
Seashell Blizzard Iridium is a possible alias for Sandworm. Seashell Blizzard Iridium, also known as Sandworm, is a threat actor reportedly comprised of Russian military intelligence officers. This group has been identified as distinct from other Advanced Persistent Threat (APT) groups associated with the Russian military intelligence GRU, such as Forest Bli | 2 |
Volt Typhoon is a possible alias for Sandworm, but the two are unrelated: Volt Typhoon is attributed to the People's Republic of China, not Russia's GRU. Volt Typhoon, a state-sponsored threat actor based in China, has been identified as a significant cybersecurity risk to critical infrastructure sectors in the United States. According to Microsoft and the Five Eyes cybersecurity and intelligence agencies, Volt Typhoon has compromised IT environments | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The CaddyWiper Malware is associated with Sandworm. CaddyWiper is a destructive data wiper first observed by ESET on 14 March 2022. It was one of several wipers deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip | has used | 8 |
The Kapeka Malware is associated with Sandworm. Kapeka is a backdoor disclosed by WithSecure in April 2024 and linked to the Russian Sandworm Advanced Persistent Threat (APT) group; WithSecure observed it in intrusions in Eastern Europe since at least mid-2022 and noted conceptual overlaps with GreyEnergy. Microsoft tracks the same malware as KnuckleTouch. Once inside, i | is related to | 4 |
The Industroyer2 Malware is associated with Sandworm. Industroyer2 is a successor to Industroyer designed to target Industrial Control Systems (ICS); unlike its predecessor it implements only the IEC 60870-5-104 protocol. It was developed and deployed by the Russian state-sponsored advanced persistent threat group Sandworm, which has been tracked since at least 2009, in an April 2022 attack against Ukraine's | Unspecified | 4 |
The Nikowiper Malware is associated with Sandworm. NikoWiper is a malicious software (malware) identified as a new data wiper attributed to Sandworm, a state-backed hacker group linked with Russia's Main Directorate of the General Staff of the Armed Forces (GRU). This malware, unique in its design compared to other strains, was used in an attack on | Unspecified | 3 |
The Cyclops Blink Malware is associated with Sandworm. Cyclops Blink is a modular malware active since at least June 2019 and publicly disclosed by the UK NCSC and its partners in February 2022; it was designed to target network infrastructure. It was often referred to as the "Son of VPNFilter" due to its similarities with that campaign. The malware was specifically engineered to run on Linux systems, particularly those using the 32-bi | Unspecified | 3 |
The KONNI Malware is associated with Sandworm, but the association is spurious: Konni is a malicious software (malware) linked to North Korea, specifically to the state-sponsored Kimsuky group. Kimsuky has been active since at least 2012 and Konni has been documented since 2014; recent campaigns focused on high-profile targets such as the Russian Ministry of Foreign Affairs, the Russian Emba | Unspecified | 3 |
The Swiftslicer Malware is associated with Sandworm. SwiftSlicer is a new wiper malware, written in Go, that was detected by security researchers on January 25th, 2023. This malicious software was designed to overwrite crucial files used by the Windows operating system, thereby causing significant disruption and damage to infected systems. The malware | Unspecified | 3 |
The Brute Ratel Malware is associated with Sandworm. Brute Ratel C4 (BRc4) is a commercial adversary-simulation and command-and-control framework released in late 2020; cracked copies have since been abused in real intrusions. In reported attacks it was delivered through deceptive MSI installers, which deploy BRc4 by disguising the payload as legitimate software such as vierm_soft_x64.dll loaded via rundll32. Vari | Unspecified | 2 |
The Acidrain Malware is associated with Sandworm. AcidRain is a wiper used in the 24 February 2022 attack on communications provider Viasat's KA-SAT network, which disrupted approximately 10,000 satellite modems. The malware was identified and named by cybersecurity firm SentinelOne in March 2022 | Unspecified | 2 |
The Acidpour Malware is associated with Sandworm. AcidPour is a wiper variant of AcidRain identified by SentinelOne in March 2024 and compiled for Linux x86 devices (AcidRain targeted MIPS). It expands on AcidRain by adding support for erasing UBI and device-mapper (DM) storage, which puts embedded and network devices in scope; it destroys data rather than stealing or ransoming it. It infilt | Unspecified | 2 |
The KillDisk Malware is associated with Sandworm. KillDisk is a destructive component that overwrites targeted files and disk structures instead of encrypting them (later variants added a ransomware-style stage). It was used with BlackEnergy in the December 2015 attacks on Ukrainian electricity distributors, where it erased critical system and workstation files to hamper recovery, and the TeleBots group deployed an updated KillDisk in December 2016 in the final stages of their | Unspecified | 2 |
The Prestige Ransomware Malware is associated with Sandworm. In October 2022, a new strain of ransomware known as Prestige was reported by Microsoft. This malware had not been observed by Microsoft prior to its deployment and was found targeting transportation and logistics organizations in Ukraine and Poland. Prestige ransomware infects systems through suspi | Unspecified | 2 |
The Olympic Destroyer Malware is associated with Sandworm. Olympic Destroyer is a destructive malware deployed during the opening of the 2018 Pyeongchang Winter Olympics; the October 2020 US indictment attributed it to GRU Unit 74455, the unit behind Sandworm. The malware caused significant disruption to the event's IT infrastructure, including broadcasting, ticketing, various Olympics websites, and Wi-Fi at the hos | Unspecified | 2 |
The Roarbat Malware is associated with Sandworm. RoarBat is a destructive malware reported by CERT-UA in April 2023 and employed by the Sandworm hacking group against Windows devices. It is a BAT script that abuses the legitimate WinRAR command-line tool to archive targeted files and delete the originals, with evidence suggesting that it shares similarities with the January 2023 attack on Ukrinform, the Ukrainian na | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Sandworm Apt Threat Actor is associated with Sandworm. Sandworm APT, a threat actor linked to Russia, has been identified as the malicious entity behind several significant cyber-attacks. The group is known for its sophisticated operations and evolving tactics, often targeting critical infrastructure and government entities. In one of its most disruptiv | Unspecified | 4 |
The Sandworm Team Threat Actor is associated with Sandworm. The Sandworm Team, a threat actor associated with Russia's military intelligence-linked group, has demonstrated significant capabilities in developing custom malware to target Operational Technology (OT) and Industrial Control Systems (ICSs). Since at least 2015, the team has used the "BlackEnergy" | Unspecified | 3 |
The Sednit Threat Actor is associated with Sandworm as a sister GRU unit (Unit 26165), distinct from Sandworm's Unit 74455. Sednit, also known as APT28, Fancy Bear, Strontium/Forest Blizzard, Pawn Storm, Sofacy, and BlueDelta, is a threat actor group associated with Russia's military intelligence. This group has been active since at least 2007, targeting governments, militaries, and security organizations worldwide. Sedn | Unspecified | 3 |
The Gamaredon Threat Actor is associated with Sandworm. Gamaredon, a Russia-aligned threat actor, has emerged as one of the most active Advanced Persistent Threat (APT) groups in Ukraine, particularly since Russia's 2022 invasion of the country. Composed of regular officers from the Russian Federal Security Service (FSB) and some former law enforcement o | Unspecified | 3 |
The APT40 Threat Actor is associated with Sandworm, but the two are unrelated: APT40 is a cyber espionage group attributed to China that primarily targets countries of strategic importance to the Belt and Road Initiative. The group is known for its use of a variety of attack vectors, notably spear-phishing emails posing as individuals likely to be of interest | Unspecified | 2 |
The The Dukes Threat Actor is associated with Sandworm, although The Dukes are attributed to Russia's Foreign Intelligence Service (SVR) rather than the GRU. The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, Nobelium, and BlueBravo, have been active since at least 2008 and have targeted various governments, think tanks, diplomatic entities, and political parties. Notably, in Se | Unspecified | 2 |
The Cozy Bear Threat Actor is associated with Sandworm, although Cozy Bear is attributed to Russia's SVR rather than the GRU. Cozy Bear, also known as APT29 and Midnight Blizzard, is a threat actor believed to be linked to the Russian government. This entity has been behind numerous cyberattacks with malicious intent, targeting various organizations and systems worldwide. The first significant intrusion attributed to Cozy | Unspecified | 2 |
The Frozenlake Threat Actor is associated with Sandworm. Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vuln | Unspecified | 2 |
The APT29 Threat Actor is associated with Sandworm. APT29, also known as Midnight Blizzard and linked to Russia's Foreign Intelligence Service (SVR), is a notorious threat actor that has been implicated in several high-profile cyberattacks. The group has demonstrated sophisticated capabilities, exploiting vulnerabilities such as the WinRAR 0day flaw | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The CVE-2023-38831 Vulnerability is associated with Sandworm. CVE-2023-38831 is a high-severity vulnerability (CVSS 7.8) in WinRAR, fixed in version 6.23. It allows arbitrary code execution when a user opens a benign-looking file inside a crafted ZIP archive that also contains a same-named directory holding a script. The CERT-UA threat cluster UAC-0099 exploited it to deliver the LONEPAGE malware through ZIP files, and Google TAG reported Sandworm (FROZENBARENTS) and APT28 exploiting it against Ukrainian targets. The vulnerabil | Unspecified | 4 |
The CVE-2014-4114 Vulnerability is associated with Sandworm. CVE-2014-4114 is a remote code execution vulnerability in the Microsoft Windows OLE Package Manager (patched in MS14-060) in which a crafted OLE object embedded in an Office document makes Windows fetch and execute an attacker-supplied file. iSIGHT Partners documented its zero-day use in 2014 by the group they named Sandworm, delivered mainly in .pps files, which are PowerPoint presentation files, mak | is related to | 2 |
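As an added example that is not part of the original page, the following Python script scans a ZIP archive for the layout the CVE-2023-38831 lures rely on: a decoy file whose name ends in a space, plus a directory with exactly the same name holding a script whose name begins with the decoy's name (the entry WinRAR 6.22 and earlier would launch instead of the decoy). The sample archive is constructed in memory with placeholder contents so the script runs offline; it is not a real-world lure, and the function and file names are assumptions made for the example. It covers ZIP input only; RAR archives would need a separate parser.

```python
"""Flag ZIP archives laid out like CVE-2023-38831 lures (added example, not page code)."""
import io
import zipfile


def find_winrar_lure_entries(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (decoy, payload) pairs for entries laid out like a CVE-2023-38831 lure.

    Pattern: a file entry whose name ends in a space (the decoy the victim clicks)
    and a directory with the identical name containing a direct child whose name
    starts with the decoy's name (the script that gets executed instead).
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()

    file_entries = [n for n in names if not n.endswith("/")]
    hits: list[tuple[str, str]] = []
    for decoy in file_entries:
        if not decoy.endswith(" "):
            continue  # the trailing space is what the bug hinges on
        prefix = decoy + "/"  # a directory that collides with the decoy's name
        stem = decoy.rstrip().lower()
        for other in names:
            if not other.startswith(prefix) or other.endswith("/"):
                continue
            inner = other[len(prefix):]
            # direct child of the colliding directory, named after the decoy
            if "/" not in inner and inner.lower().startswith(stem):
                hits.append((decoy, other))
    return sorted(hits)


def build_sample_archive(malicious: bool = True) -> bytes:
    """Constructed sample (assumed names, placeholder contents): decoy 'invoice.pdf '
    plus a same-named directory holding 'invoice.pdf .cmd'. With malicious=False
    the archive contains only a benign entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"constructed benign file\n")
        if malicious:
            zf.writestr("invoice.pdf ", b"%PDF-1.4 constructed decoy\n")
            zf.writestr("invoice.pdf /invoice.pdf .cmd",
                        b"@echo off\r\necho constructed placeholder\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("malicious", True), ("benign", False)):
        print(label, find_winrar_lure_entries(build_sample_archive(flag)))
```

The check keys on the name collision itself rather than on a list of script extensions: a file and a directory cannot share a name on disk, so any archive containing both is anomalous regardless of what the inner entry is called. Running the block prints one hit for the constructed malicious archive and an empty list for the benign one.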
Source | CreatedAt |
---|---|
Securityaffairs | 5 days ago |
DARKReading | a month ago |
ESET | 2 months ago |
DARKReading | 2 months ago |
DARKReading | 3 months ago |
BankInfoSecurity | 3 months ago |
InfoSecurity-magazine | 4 months ago |
DARKReading | 4 months ago |
Securityaffairs | 4 months ago |
Securityaffairs | 5 months ago |
BankInfoSecurity | a year ago |
CERT-EU | a year ago |
CERT-EU | a year ago |
CERT-EU | 10 months ago |
CERT-EU | 10 months ago |
InfoSecurity-magazine | 8 months ago |
DARKReading | 5 months ago |
Securityaffairs | 5 months ago |
Securityaffairs | 5 months ago |
InfoSecurity-magazine | 5 months ago |