Targeted by Sandworm: Threat from APT44 for companies worldwide
In the dark world of cybercrime, there are actors who seek more than just financial gain - they aim for political destabilisation and widespread sabotage. One such actor is APT44, also known as Sandworm, a Russian-backed cyber sabotage unit responsible for some of the largest cyber attacks of the last decade.
Hacker group APT44: rooted in Russia
APT44 is not just any hacker group. It is deeply embedded in Russia's military and political strategy and has demonstrated its capabilities in a series of attacks ranging from manipulating political elections to sabotaging critical infrastructure. Its tactics are diverse and include the use of destructive malware, spear phishing campaigns and sophisticated espionage techniques.
The cyber threat from Sandworm, past and present
Sandworm specialises in attacks aimed at causing disruption and chaos. Its most notable operations include the disruption of the Ukrainian power grid, the release of the NotPetya malware that paralysed businesses worldwide and the attack on the 2018 Winter Olympics. These actions show that no industry or sector is safe from its activities.
Here are some incidents where Sandworm has been identified as the culprit:
- Ukraine: Sandworm is blamed for several cyber attacks against Ukraine, in particular the attacks on the Ukrainian power grid in December 2015 and again in December 2016, as well as the attack on the 2014 elections. The power grid attacks led to significant power outages and were some of the first confirmed cases of cyber attacks successfully disabling critical infrastructure. Numerous other attacks were to follow before the outbreak of the war in Ukraine.
- NotPetya: In June 2017, Sandworm was likely responsible for the deployment of the NotPetya malware, which was disguised as ransomware but was actually designed to destroy data. NotPetya quickly spread around the world and hit numerous companies, including shipping giant Maersk, pharmaceutical company Merck, advertising agency WPP and many others, resulting in billions in losses.
- 2018 Winter Games: During the opening ceremony of the 2018 Winter Olympics in Pyeongchang, Sandworm carried out a cyber attack aimed at disrupting the event. The attack affected the internet and the television broadcast of the ceremony and is considered politically motivated, as Russia was excluded from these games.
- France: In 2017, it was reported that Sandworm had attempted to influence the French presidential election by carrying out phishing attacks against Emmanuel Macron's campaign team.
- US facilities: Sandworm was also accused of attacking targets in the U.S., including energy facilities and other critical infrastructure, as part of a broader attempt to sow insecurity and disruption.
These attacks show that Sandworm specialises in sophisticated cyber operations, often aimed at destabilising political, economic and social structures. The group uses a combination of malware, spear phishing and other tactics to achieve its goals, and its operations point to state support and significant resources.
What does the APT44 threat mean for your company?
The threat from Sandworm and similar state-sponsored hacking groups underscores the need for every organisation to take its cyber security measures seriously. Here are concrete steps you should take:
- Strengthen network security: Implement advanced security systems that monitor network traffic and detect suspicious activity early.
- Regular security audits and penetration tests: Regularly check your systems for vulnerabilities and close them before they can be exploited.
- Train your employees: Awareness is one of your best lines of defence. Regularly train your employees on the latest phishing tactics and the importance of secure passwords.
- Create and test contingency plans: Develop a comprehensive emergency plan in the event of a cyber attack and test it regularly. Ensure that all employees know what to do in the event of an attack.
- International cooperation: Use resources and information from cyber security organisations and participate in platforms for the exchange of cyber threat intelligence.
Integration of safeREACH in your cyber defence strategy
In the midst of growing threats from cyberattacks, safeREACH offers an efficient solution to minimise the impact of a security incident. As a comprehensive alerting and crisis communication software, safeREACH enables your organisation to respond quickly and in a coordinated manner to a cyber attack.
In the event of a security incident, safeREACH can automatically trigger predefined alerting processes that ensure all relevant team members and stakeholders are informed immediately. By providing a centralised platform for communication, safeREACH helps to shorten response times and coordinate communication among security teams, which is crucial to limit the spread of the threat and quickly initiate countermeasures. In addition, the system supports the documentation of the incident and post-remediation analysis to improve future security strategies and strengthen resilience against future attacks.
Anyone can become a victim of APT44
APT44 has shown that cyber attacks can affect any organisation - regardless of its size or industry. By understanding the threats posed by such highly skilled groups and implementing strong security protocols, you can strengthen your organisation's resilience to these invisible but destructive attacks.