SA
Sandworm
Organization·government·AI Enriched
Relationships:1
Events:0
Library:3
Confidence:
93%
Key Facts
Type
Organization
Sector
government
Industry
Not specified
Status
Draft
Country
Russia
Headquarters
Moscow, Russia
Founded
1/1/2009
Dissolved
Active
Also Known As
APT44Voodoo BearElectrumQuedaghTurla (partial overlap)BlackEnergy (early tools)
Tags
cyber espionage groupstate-sponsored hackersAPTGRU unit
Overall Confidence
93%
Internal Notes
No notes
Key Information
Leadership
No leadership added
Positions
No positions added
About
Sandworm is a Russian state-sponsored cyber espionage and cyberattack group believed to be affiliated with the Main Intelligence Directorate (GRU) of the Russian military. It has been active since at least 2009 and is known for conducting sophisticated cyberattacks targeting governments, military organizations, critical infrastructure, and political entities worldwide.
Key Relationships
Claroty
investigated
Claroty has investigated and exposed cyber operations attributed to Sandworm, a Russian military-linked hacking group, particularly in attacks on Ukrainian and global critical infrastructure like the 2022 Viasat incident.
Since 2020