Wikipedia (en)
Sandworm, also known as Unit 74455, is allegedly a Russian cybermilitary unit of the GRU, the organization in charge of Russian military intelligence. Other names, given by cybersecurity researchers, include Telebots, Voodoo Bear, and Iron Viking.The team is believed to be behind the December 2015 Ukraine power grid cyberattack, the 2017 cyberattacks on Ukraine using the NotPetya malware, various interference efforts in the 2017 French presidential election, and the cyberattack on the 2018 Winter Olympics opening ceremony. Then-United States Attorney for the Western District of Pennsylvania Scott Brady described the group's cyber campaign as "representing the most destructive and costly cyber-attacks in history."On October 19, 2020 a US-based grand jury released an indictment charging six alleged Unit 74455 officers with cybercrimes. The officers, Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин), were all individually charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Five of the six were accused of overtly developing hacking tools, while Ochichenko was accused of participating in spearphishing attacks against the 2018 Winter Olympics and conducting technical reconnaissance on and attempting to hack the official domain of the Parliament of Georgia.In February 2022, Sandworm allegedly released the Cyclops Blink as malware. The malware is similar to VPNFilter. The malware allows a botnet to be constructed, and affects Asus routers and WatchGuard Firebox and XTM appliances. CISA issued a warning about this malware.In late March 2022, human rights investigators and lawyers in the UC Berkeley School of Law sent a formal request to the Prosecutor of the International Criminal Court in The Hague. They urged the International Criminal Court to consider war crimes charges against Russian hackers for cyberattacks against Ukraine. Sandworm was specifically named in relation to December 2015 attacks on electrical utilities in western Ukraine and 2016 attacks on utilities in Kyiv in 2016.In April 2022, Sandworm attempted a blackout in Ukraine. It is said to be the first attack in five years to use an Industroyer malware variant called Industroyer2.
