APT44

APT44 is an intrusion set tracked by Google's Mandiant and graduated to 'APT' status in April 2024, having been active since at least 2009. Also known as Sandworm or FROZENBARENTS, APT44 is a cyber threat group sponsored by Russian military intelligence - specifically Unit 74455 (the Main Centre for Special Technologies) within the GRU. Researchers at Mandiant assess the Unit 74455 / APT44 act as a subordinate to Unit 55111 Information Operations (VIO) alongside Unit 26165/APT28. The group is recognized for its adaptability and integration with Russia's conventional forces, playing a pivotal role in the country's military campaign, particularly against Ukraine.

Beyond Ukraine, APT44's operations are global, targeting political, military, and economic hotspots. With a history of interfering in democratic processes, the group's activities pose a significant threat, especially during national elections.

APT44 is operationally mature, engaging in espionage, attack, and influence operations. It has developed a unified playbook that aligns with Russia's "information confrontation" concept for cyber warfare, blending espionage, sabotage, and influence for combined effect.

APT44 is responsible for some of the most consequential cyber attacks in history, including disruptions of Ukraine's energy grid and the NotPetya attack. As a high-severity threat to global governments and critical infrastructure, APT44 is likely to continue shaping cyber operations in line with Russia's strategic objectives.

cert.gov.ua

https://cert.gov.ua/article/6278706

services.google.com

https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf

cloud.google.com

https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm