Sandworm Archives

Poland Suspects Iranian Actors are Behind Attack on Its Nuclear Power Center

Jeffrey Burt | March 16, 2026 | critical infrastructure attack, data wiper, Handala Hack, Iran Hacker Groups, iran war, Iran-Israel Conflict, IRGC, nuclear power, Poland, Ransomware, Russian GRU, Sandworm, United States-Iran

Poland officials say the cyberattack late last week appears to have been launched by an Iranian threat group, though they noted that bad actors not associated with any country in the war ...

Security Boulevard

Emulating the Destructive Sandworm Adversary

Ayelen Torello | November 14, 2025 | adversary emulation, APT44, government, Russia, Sandworm, Seashell Blizzard, Voodoo Bear

AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated ...

AttackIQ

Emulating the Sophisticated Russian Adversary Seashell Blizzard

Ayelen Torello | April 2, 2025 | adversary emulation, APT44, Energy, government, manufacturing, Resources & Utilities, Russia, Sandworm, Seashell Blizzard, telecommunications, transportation, Voodoo Bear

AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard. The post Emulating the Sophisticated Russian Adversary ...

AttackIQ

Emulating Sandworm’s Prestige Ransomware

Francis Guibernau | August 2, 2024 | adversary emulation, Broad-Based Attacks, living off the land, Microsoft, Microsoft Threat Intelligence Center (MSTIC), Poland, Prestige, Ransomware, Russia, Sandworm, Ukraine

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the ...

AttackIQ

Emulating the Sabotage-Focused Russian Adversary Sandworm– Part 2

Francis Guibernau | July 3, 2024 | adversary emulation, Defense Industrial Base, Financial Services, government, Invasion, Malware, Russia, Sandworm, technology, transportation, Ukraine

AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the highly sophisticated Russian adversary Sandworm during various destructive activities against targets in Ukraine and other countries in the ...

AttackIQ

Emulating the Sabotage-Focused Russian Adversary Sandworm

Francis Guibernau | March 6, 2024 | adversary emulation, Energy, government, Media, Media & Entertainment, Resources & Utilities, Russia, Sandworm

AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm. The post Emulating the Sabotage-Focused Russian Adversary ...

AttackIQ

Russian Hackers Orchestrate Ukrainian Telecom Giant Attack

Wajahat Raja | January 16, 2024 | Cyber threat landscape, cyberattack, cybersecurity breach, Cybersecurity News, Data breaches, Illia Vitiuk, Incident Response, Infiltration Timeline, Kyivstar, Malware Intrusion, Russian hackers, Sandworm, Solntsepek, State-controlled Hacker Group, Telecom Industry Vulnerabilities, Telecom Networks, Telecommunications Security, Ukrainian Telecom Giant Attack

In a recent revelation by Ukraine’s top cyber official, Illia Vitiuk, it has been unveiled that the cyberattack on Kyivstar, Ukraine’s largest telecom operator, had its roots embedded months before the notorious ...

TuxCare

Security Advocacy in the Cloud with Jacob Ansari from Schellman

Anitian | May 10, 2022 | CISO, database as a service (DBaaS), Fancy Bear, FedRAMP, Log4j, Payment Application Assessor, PCI, PCI DSS, PCI DSS v4.0, Podcast, Quality Security Assessor, Sandworm, Schellman, SOC 2, Spring Shell, Vulnerabilities, Vulnerability Management

In this episode, we talk with Jacob Ansari, a Security Advocate at Schellman, where he leads the firm’s security best practices advocacy. He develops and leads educational efforts on security practices, emerging ...

Anitian

Ukraine Beats Russia in Cyberwarfare — at ‘Unprecedented Scale’

Richi Jennings | April 28, 2022 | ddos, GRU, IT Army, NotPetya, PSYOPS, Russia, Sandworm, SB Blogwatch, Tunguska comet should have hit Moscow, Ukraine, Unit 74455

Russia is attacking Ukraine with cyberattacks and psyops. But the scale is pathetic and Ukraine is fighting back—hard ...

Security Boulevard

US Disrupted Russian GRU’s Hydra and Sandworm

Christopher Burgess | April 26, 2022 | cyberdefense, Cyberwar, Hydra, Russia, Sandworm, Ukraine

The United States has been largely mum on its offensive capabilities when it comes to cybersecurity operations. But recently, the Director of the National Security Agency and Cyber Command, General Nakasone, referenced ...

Security Boulevard

Sandworm

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On