Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44

April 17, 2024 at 08:48AM

Mandiant’s report details the recent activities of the Russian Sandworm group, now tracked as APT44, known for disruptive malware and cyber operations tied to conventional military activities. APT44 has been linked to several cyber incidents, hacktivist personas, supply chain attacks, and espionage activities, uncovering new connections and disruptive tactics.

Summary:
– Google Cloud’s Mandiant published a report on Russia’s Sandworm group, now tracked as APT44, known for disruptive malware and involvement in espionage, disruption, and disinformation operations.
– Since Russia’s war against Ukraine, Sandworm has focused on causing disruption within Ukraine, employing tactics such as wipers and coordinating cyber operations with military activities.
– Though previously linked to APT28, Mandiant distinguishes Sandworm as APT44 and reveals its use of hacktivist personas like Cyber Army of Russia Reborn (CARR), XAKNET, and Solntsepek.
– CARR has claimed to manipulate critical infrastructure OT assets in the US and EU, posting videos that allegedly show manipulation of water utilities in Poland and the US and disruption of energy generation at a hydroelectric facility in France; the claims concerning the US were seemingly followed by confirmed incidents there.
– APT44 has been linked to operations involving the exfiltration of encrypted mobile device messages and to supply chain attacks, and it is additionally attributed with the recent attack on investigative journalism entities.
– APT44 is also tracked under various other names including Blue Echidna, Electrum, FrozenBarents, G0034, Iridium, Iron Viking, Quedagh, Seashell Blizzard, TEMP.Noble, TeleBots, UAC-0082, UAC-0113, and Voodoo Bear.
