Russian Sandworm cybercrime group linked to multiple attacks

“Due to its history of aggressive use of network attack capabilities across political and military contexts, APT44 presents a persistent, high severity threat to governments and critical infrastructure operators globally where Russian national interests intersect,” the researchers said.

Working in Russia's interest

According to TAG, APT44 was linked to multiple major attacks recently, including the first-of-their-kind disruptions of Ukraine’s energy grid, in the winters of 2015 and 2016. Then, this group was linked to the global NotPetya attack, timed to coincide with Ukraine’s Constitution Day in 2017, as well as the disruption of the opening ceremony of the 2018 Pyeongchang Olympics. APT44 attacked what are essentially their allies, because some of Russia’s athletes were banned for using banned substances.

While APT44 was initially tasked with disruption attacks, lately it has pivoted more towards espionage and intelligence gathering. For example, the group’s skills were used on the front line to exfiltrate communications from captured mobile devices. 

“APT44 will almost certainly continue to present one of the widest and highest severity cyber threats globally,” the researchers concluded. 

“As Russia’s war continues, we anticipate Ukraine will remain the principal focus of APT44 operations. However, as history indicates, the group’s readiness to conduct cyber operations in furtherance of the Kremlin’s wider strategic objectives globally is ingrained in its mandate.” 

Changing Western political dynamics, upcoming elections, and domestic issues will continue reshaping APT44’s operations, Google TAG concluded.

More from TechRadar Pro

• This dangerous Russian-linked malware could shut down power grids
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now