Mandiant, a division of Google, raises the Russian threat group Sandworm to APT44 status


Google’s Mandiant Unearths Sandworm’s New Identity as APT44: A Formidable Cyber Threat

Google’s cybersecurity firm Mandiant has rebranded the notorious Russian military-backed hacker collective Sandworm as APT44, highlighting the group’s evolving and persistent threat on a global scale. The decision to give Sandworm a new identity comes after years of observing their cyberespionage activities, particularly targeting Ukraine.

In a comprehensive 40-page report titled “APT44: Unearthing Sandworm,” Mandiant delves into the history and operations of the group, detailing their extensive cyber campaigns and arsenal of malware variants. APT44, active since 2009, is described as a dynamic threat actor engaged in cyber espionage, attacks, and influence operations.

Mandiant’s report highlights the advancements in APT44’s capabilities, including the development of new cyberattack concepts and methods. The group has been linked to various disruptive and destructive cyber activities, posing a significant threat to global cybersecurity.

The rebranding of Sandworm to APT44 distinguishes the group from another Russian military-backed cyber sabotage unit, APT28, also known as Fancy Bear. APT28 gained notoriety for its interference in the 2016 US presidential election and continues to pose a threat with recent attacks on US and other governments.

Mandiant’s Chief Analyst John Hultquist emphasizes the aggressive and effective defense strategies in Ukraine that have mitigated some of Sandworm’s attacks. However, the group remains a formidable adversary, with a track record of targeting critical infrastructure and conducting disruptive cyber operations.

As APT44 continues to evolve and expand its cyber capabilities, Mandiant warns of the group’s potential to inspire and enable other state and non-state actors to develop similar cyberattack programs. The report underscores the urgent need for enhanced cybersecurity measures to counter the growing threat posed by APT44 and similar threat actors globally.
