TechRadar
Sead Fadilpašić

Russian Sandworm cybercrime group linked to multiple attacks

[Image: stock photo of seven hooded figures, one in the foreground at an open laptop, against a Chinese flag backdrop]

Google’s Threat Analysis Group (TAG), the company’s cybersecurity arm that focuses mostly on state-sponsored, espionage-oriented threat actors, has elevated Sandworm, an infamous Russian group, to Advanced Persistent Threat (APT) level, assigning it a new codename: APT44.

In a recent analysis of the group, TAG said APT44 has been a “flexible instrument of power capable of servicing Russia's wide ranging national interests”, and said it was pivotal in Russia’s war against Ukraine. 

“Due to its history of aggressive use of network attack capabilities across political and military contexts, APT44 presents a persistent, high severity threat to governments and critical infrastructure operators globally where Russian national interests intersect,” the researchers said.

Working in Russia's interest

According to TAG, APT44 has been linked to multiple major attacks, including the first-of-their-kind disruptions of Ukraine’s energy grid in the winters of 2015 and 2016. The group was also linked to the global NotPetya attack, timed to coincide with Ukraine’s Constitution Day in 2017, as well as the disruption of the opening ceremony of the 2018 Pyeongchang Olympics. In the latter case, APT44 attacked what are essentially Russia’s allies, because some of Russia’s athletes had been banned for using prohibited substances.

While APT44 was initially tasked with disruption attacks, lately it has pivoted more towards espionage and intelligence gathering. For example, the group’s skills were used on the front line to exfiltrate communications from captured mobile devices. 

“APT44 will almost certainly continue to present one of the widest and highest severity cyber threats globally,” the researchers concluded. 

“As Russia’s war continues, we anticipate Ukraine will remain the principal focus of APT44 operations. However, as history indicates, the group’s readiness to conduct cyber operations in furtherance of the Kremlin’s wider strategic objectives globally is ingrained in its mandate.” 

Changing Western political dynamics, upcoming elections, and domestic issues will continue reshaping APT44’s operations, Google TAG concluded.
