Today's Core Dump is brought to you by ThreatPerspective

Threat Intelligence

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm

Due to its history of aggressive use of network attack capabilities across political and military contexts, APT44 presents a persistent, high severity threat to governments and critical infrastructure operators globally where Russian national interests intersect. The combination of APT44's high capability, risk tolerance, and far-reaching mandate to support Russia’s foreign policy interests places governments, civil society, and critical infrastructure operators around the world at risk of falling into the group's sights on short notice.

We also judge APT44 to present a significant proliferation risk for new cyber attack concepts and methods. Continued advancements and in-the-wild use of the group’s disruptive and destructive capabilities has likely lowered the barrier of entry for other state and non-state actors to replicate and develop their own cyber attack programs. Russia itself is almost certainly alert to and concerned about this proliferation risk, as Mandiant has observed Russian cybersecurity entities exercise their ability to defend against categories of disruptive cyber capabilities originally used by APT44 against Ukraine.

Looking Ahead

APT44 will almost certainly continue to present one of the widest and highest severity cyber threats globally. It has been at the forefront of the threat landscape for over a decade and is responsible for a long list of firsts that have set precedents for future cyber attack activity. Patterns of historical activity, such as efforts to influence elections or retaliate against international sporting bodies, suggest there is no limit to the nationalist impulses that may fuel the group’s operations in the future.

As Russia’s war continues, we anticipate Ukraine will remain the principal focus of APT44 operations. However, as history indicates, the group’s readiness to conduct cyber operations in furtherance of the Kremlin’s wider strategic objectives globally is ingrained in its mandate. We therefore assess that changing Western political dynamics, upcoming elections, and emerging issues in Russia’s near abroad will also continue to shape APT44’s operations for the foreseeable future.

Protecting the Community

As part of our research, we take various steps to protect customers and the community:

We are committed to sharing our findings with the security community to raise awareness, and with companies and individuals that might have been targeted by these activities.

Read the APT44 report for our full analysis of this group, a detailed list of malware used by APT44 since 2018, hunting rules for detecting the malware, and a list of Mandiant Security Validation actions organizations can use to validate their security controls.

Published: 2024-04-17T10:00:00

© Segmentation Fault . All rights reserved.

Privacy | Terms of Use | Contact Us