Threats to the Defense Industrial Base | Google Cloud Blog

The defense sector faces a relentless barrage of operations conducted by state-sponsored actors and criminal groups.

Google Cloud Blog

If anyone wants to take a look at the freshly released Dragos report on the attack against the Polish energy sector, the link is below. The Electrum group named by the researchers is nothing other than Sandworm (in ESET's naming) or simply APT44, so the trail leads to Russia. But there are no details, only generalities. I suggest waiting for the Polish CERT's publication, which has a chance of appearing as early as tomorrow.

https://5943619.hs-sites.com/hubfs/Reports/dragos-2025-poland-attack-report.pdf

#cyberbezpieczenstwo #apt44 #sandworm

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 | Google Cloud Blog

Espionage and financially motivated threat actors are exploiting critical WinRAR vulnerability CVE-2025-8088.

Google Cloud Blog

📢⚠️🚫 Poland blocks wiper malware attack from Russian #APT44 on power and heating plants, stopping major energy disruption.

https://hackread.com/poland-thwarts-russian-wiper-malware-power-plants/

#Cybersecurity #Malware #Russia #Poland #PowerGrid

Poland Thwarts Russian Wiper Malware Attack on Power Plants

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

🔐 🖥️ 🌐 🛡️ Russian state-sponsored hackers are moving away from security vulnerabilities and breaking into critical infrastructure through misconfigured devices, warns Amazon Threat Intelligence. ⚠️ 🏭 🔍

Read: https://hackread.com/amazon-russia-gru-hackers-misconfigured-vulnerabilities/

#CyberSecurity #Russia #Sandworm #APT44 #Amazon

Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities


Russia’s notorious Sandworm group isn’t just hitting power grids anymore—they’re now targeting Ukraine’s grain sector and food security. How deep does this cyber siege go?

https://thedefendopsdiaries.com/sandworm-apt44-russias-cyber-sabotage-unit-and-its-impact-on-ukraines-critical-infrastructure/

#sandworm
#apt44
#cyberwarfare
#ukraine
#criticalinfrastructure
#databreach
#malware
#ransomware
#cyberattacks

Sandworm (APT44): Russia’s Cyber Sabotage Unit and Its Impact on Ukraine’s Critical Infrastructure

Explore how Russia’s Sandworm (APT44) targets Ukraine’s critical infrastructure with cyberattacks, data wipers, and coordinated sabotage.

The DefendOps Diaries

The Russian-backed Seashell Blizzard aka #APT44 or #Sandworm is behind a stealthy "BadPilot" campaign focused on gaining persistent network access. Detect adversary activity targeting critical sectors with #Sigma rules from SOC Prime Platform.
https://socprime.com/blog/seashell-blizzard-attack-detection/?utm_source=mastodon&utm_medium=social&utm_campaign=cert-ua&utm_content=blog-post
Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage "BadPilot" Campaign by Russian-linked Hacking Group - SOC Prime

Detect Seashell Blizzard also known as APT44 BadPilot campaign focused on stealthy initial infiltration with Sigma rules from SOC Prime Platform.

SOC Prime

#G0034 #apt44 #seashellblizzard > The #BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog

Happy Monday everyone!

I know this was posted a week or two back, but I wanted to bring it up again in another light. The first time, I read it at a technical level, looking for the usual TTPs and behaviors, but while I was mowing my yard and listening to The Cybersecurity Defender's Podcast by @limacharlieio, the participants mentioned something that I didn't even realize the first time I read it. They mentioned that #APT44, or Sandworm, is a very serious adversary due to the amount of capabilities they have, and on so many different levels. From espionage to persistence to destructive activity, they are a very refined group and should be taken seriously. Thanks for the great insight! I hope you enjoy, and Happy Hunting!

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #gethunting

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm | Google Cloud Blog

APT44 is a threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations.

Google Cloud Blog

Sandworm, an Inspiration for Hostile Actors

The latest edition of the Seriously Risky Business cybersecurity newsletter, now on Lawfare.
