APTs Identified: Mandiant Officially Attributes Sandworm Cyber Attacks to APT44 Group

Google Cloud’s cybersecurity unit, Mandiant, has officially attributed cyber espionage and warfare campaigns to a Russian actor known as Sandworm. These attacks will now be tracked by Mandiant as a new APT group called APT44. APT44 has been active for over a decade and has been involved in high-profile attacks, including the 2016 US election hack, the NotPetya incident, and attacks on the 2018 Winter Olympics. Since late 2021, APT44 has focused its work on Ukraine, helping to lay the groundwork for Moscow’s attack on Kyiv in February 2022. APT44 is run by the GRU, a Russian intelligence agency. Mandiant warns that APT44 poses a significant threat globally and has observed its operations around the world. It emphasizes the importance of tracking and defending against APT44’s activities, especially in light of upcoming elections and the group’s history of interference in democratic processes. Mandiant expects APT44 to continue being a major cyber threat in the foreseeable future.

Unlock your business potential with our expert guidance. Get in touch now!