Security news aggregator

Latest coverage for Sandworm

Coverage of incidents attributed to Sandworm, with analysis of infrastructure, disruption, and defensive guidance for organizations.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Sandworm is a name used for an intrusion set associated in public reporting and government assessments with Russia’s GRU, although such attribution remains subject to evidence and revision. Reporting has linked the group to disruptive operations including attacks affecting Ukrainian power distribution and the 2017 NotPetya outbreak, which spread through a compromised software-update channel and caused extensive operational damage. The activity tracked under this name has included destructive malware, denial-of-service attacks, and exploitation of vulnerable systems.

For defenders, the key risk is that an intrusion can progress from access to disruption rather than simple data theft. Priorities include rapidly patching internet-facing and edge systems, enforcing multifactor authentication and least privilege, segmenting critical networks, and maintaining offline, tested backups with restoration procedures. Threat intelligence on reported Sandworm infrastructure and malware can support detection and scoping, but indicators should complement—rather than replace—behavioral monitoring and sound vulnerability-management and incident-response practices.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view
Bank Info Security 5 months, 3 weeks ago

Wiper Malware Targeting Poland's Power Grid Tied to Moscow

Signs Point to Long-Active 'Sandworm' Military Intelligence Hackers at WorkRussian cyberattacks in late December 2025 that attempted to disrupt Poland's power grid have been attributed to "Sandworm," the codename for an advanced persistent threat group tied to a Moscow military intelligence unit that repeatedly uses wiper malware, including in these attacks.

Bank Info Security 2 years, 3 months ago

The Global Menace of the Russian Sandworm Hacking Team

Russian Cyber Sabotage Unit Sandworm Adopting Advanced Techniques, Mandiant WarnsRussia's preeminent cyber sabotage unit presents "one of the widest and high severity cyber threats globally," warned Mandiant in a Wednesday report. Mandiant newly designated Sandworm as APT44 to differentiate it from another hacking unit it will still track as APT28.

Bank Info Security 2 years, 3 months ago

Likely Sandworm Hackers Using Novel Backdoor 'Kapeka'

Kapeka Shows Similarities to Russian GRU Hacking Group's GreyEnergy MalwareLikely Russian military intelligence hackers known as Sandworm since at least mid-2022 have deployed a new and highly flexible back door against Eastern European targets, warn security researchers. Security firm WithSecure dubs the backdoor "Kapeka."

Bank Info Security 2 years, 6 months ago

Russian Sandworm Group Spied on Kyivstar Networks for Months

Nation-State Hackers Blamed for Severing Communications to 24 Million CitizensUkraine's security intelligence chief said Russian hackers had been responsible for severing internet access and mobile communications from telecom operator Kyivstar in December, after compromising the firm's network months ago. He said the "disastrous" cyberattack had wiped "almost everything."