Sandworm Apt

Threat Actor updated a month ago (2024-11-29T14:42:47.127Z)
Download STIX
Preview STIX
Sandworm APT, a threat actor linked to Russia, has been identified as the malicious entity behind several significant cyber-attacks. The group is known for its sophisticated operations and evolving tactics, often targeting critical infrastructure and government entities. In one of its most disruptive campaigns, Sandworm compromised 11 Ukrainian telecommunications providers, causing extensive disruptions and demonstrating its capability to execute complex, large-scale attacks. In another notable instance, Sandworm was found to be using a previously unknown backdoor dubbed Kapeka. This discovery underscored the group's ability to develop and deploy advanced persistent threats, further enhancing its reputation as a formidable cyber adversary. The use of such undisclosed vulnerabilities enables Sandworm to infiltrate systems undetected, making it particularly challenging to defend against their attacks. Moreover, Sandworm has expanded its arsenal with the addition of a new destructive malware known as NikoWiper. This malware, based on Microsoft's SDelete utility, is used for securely deleting files, highlighting the group's intent to not just infiltrate but also cause significant damage to targeted systems. This evolution in Sandworm's tactics underscores the increasing threat posed by this actor and necessitates heightened vigilance and robust cybersecurity measures.
Description last updated: 2024-08-14T08:53:23.609Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Russia
Apt
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Sandworm Threat Actor is associated with Sandworm Apt. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which cUnspecified
4
Source Document References
Information about the Sandworm Apt Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
4 months ago
Securityaffairs
5 months ago
BankInfoSecurity
a year ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
Securityaffairs
10 months ago