Russian cybercrime group Sandworm linked to multiple attacks
Google’s Threat Analysis Group (TAG), the company’s cybersecurity arm that focuses primarily on state-sponsored, espionage-oriented threat actors, has elevated Sandworm, a notorious Russian group, to Advanced Persistent Threat (APT) status and assigned it a new codename: APT44.
In a recent analysis of the group, TAG said APT44 has been a “flexible instrument of power capable of serving Russia’s broad national interests,” and said it was crucial in Russia’s war against Ukraine.
“Due to its history of aggressive use of network attack capabilities in political and military contexts, APT44 poses a persistent, very serious threat to governments and operators of critical infrastructure worldwide where Russian national interests intersect,” the researchers said.
Working in the interests of Russia
According to TAG, APT44 has been linked to several major attacks, including the first disruptions of their kind to the Ukrainian energy network, in the winters of 2015 and 2016. The group was subsequently linked to the global NotPetya attack, timed to coincide with Ukrainian Constitution Day in 2017, as well as to the disruption of the opening ceremony of the 2018 Olympic Games in Pyeongchang. In that case APT44 attacked what were essentially its own allies, after some Russian athletes had been banned for using prohibited substances.
While APT44 was initially tasked with disruptive attacks, it has more recently focused on espionage and intelligence gathering. For example, the group’s skills have been used on the front lines to exfiltrate communications from captured mobile devices.
“APT44 will almost certainly continue to pose one of the broadest and most serious cyber threats in the world,” the researchers concluded.
“As the Russian war continues, we expect Ukraine to remain the main focus of APT44 operations. However, as history indicates, the group’s willingness to conduct cyber operations in furtherance of the Kremlin’s broader strategic objectives worldwide is baked into its mandate.”
Changing Western political dynamics, upcoming elections and domestic issues will continue to reshape APT44’s operations, Google TAG concluded.