Sandworm

Sandworm is a cyber threat actor reportedly linked to the Russian government and responsible for conducting numerous cyber attack campaigns. The group have been identified as being responsible for disruptive and destructive attacks against multiple targets.

services.google.com

https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf

www.dragos.com

https://www.dragos.com/threat/electrum/

www.justice.gov

https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

www.cisa.gov

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a

labs.withsecure.com

https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Research-Kapeka.pdf

www.mandiant.com

https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology

www.microsoft.com

https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/

www.welivesecurity.com

https://www.welivesecurity.com/2022/03/21/sandworm-tale-disruption-told-anew/

www.mandiant.com

https://www.mandiant.com/resources/blog/ukraine-and-sandworm-team

services.google.com

https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf

www.sentinelone.com

https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/

cert.gov.ua

https://cert.gov.ua/article/6278706