Cyber Threat Report: 'APT44: Unearthing Sandworm'

Report Author Mandiant
Publication Date 2024-04-17
Original Reporting Source
Attributed to Nation Russia
Related Intrusion Sets FROZENBARENTS, Sandworm, APT44
Related Threat Actors GRU Unit 74455
Identified CVEs CVE-2022-30190, CVE-2021-4034, CVE-2019-10149
Victim Sectors Journalism, Energy, Non Profit, Water, Critical Infrastructure

This report from researchers at Mandiant marks the graduation of the Sandworm intrusion set to the Mandiant APT label: APT44. It provides a comprehensive overview of the group, covering attribution, victimology and tactics, techniques and procedures (TTPs). According to the report, APT44 is a Russian Federation-backed cyber threat group attributed to the GRU's Unit 74455. It conducts espionage, attack and influence operations globally. The group targets a wide range of sectors worldwide, including government, defense, energy and media, and has a history of attempting to interfere in democratic processes. It uses a variety of initial access methods, from phishing to exploitation of vulnerabilities, and then employs living-off-the-land techniques alongside a range of tooling to move laterally and achieve its objectives. The group has been responsible for numerous disruptive and destructive cyberattacks, particularly against Ukrainian critical infrastructure, and is assessed to coordinate with Russia's conventional military forces.
