{
	"id": "7ee01325-3e3c-4060-b224-f8369d36ef33",
	"created_at": "2026-04-06T00:14:13.657479Z",
	"updated_at": "2026-04-10T03:30:30.694774Z",
	"deleted_at": null,
	"sha1_hash": "aed97346b48c152d75e2c969e5597b914b33d8b3",
	"title": "US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 852811,
	"plain_text": "US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit\r\nBy Andy Greenberg\r\nPublished: 2020-10-19 · Archived: 2026-04-05 16:35:26 UTC\r\nThe Department of Justice has named and charged six men for allegedly carrying out many of the most costly\r\ncyberattacks in history.\r\nThe GRU building known as the Tower, in the Moscow suburb of Khimki, where Sandworm\r\noperates.Photograph: Maxim Shemetov/REUTERS/Alamy\r\nNearly half a decade ago, the Russian hackers known as Sandworm hit Western Ukraine with the first-ever\r\ncyberattack to cause a blackout, an unprecedented act of cyberwar that turned off the lights for a quarter million\r\nUkrainians. They were just getting started. From there Sandworm embarked on a years-long spree of wantonly\r\ndestructive attacks: another blackout attack on the Ukrainian capital of Kyiv in 2016, the release of the NotPetya\r\nworm in 2017 that spread globally from Ukraine to cause $10 billion in damage, and a cyberattack that\r\ntemporarily destroyed the IT backend of the 2018 Winter Olympics in South Korea, among others.\r\nYou’ve read your last free article.\r\nhttps://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/\r\nPage 1 of 3\n\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters—cancel anytime.\r\nSTART FREE TRIAL\r\nAlready a subscriber? Sign In\r\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters START FREE TRIAL\r\nhttps://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/\r\nPage 2 of 3\n\nAndy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author\r\nof the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New\r\nEra of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books ... Read More\r\nDon't Just Keep Up. Get Ahead\r\nSign up for the Daily newsletter to get our biggest stories, handpicked for you each day.\r\nSource: https://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/\r\nhttps://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/"
	],
	"report_names": [
		"us-indicts-sandworm-hackers-russia-cyberwar-unit"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434453,
	"ts_updated_at": 1775791830,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aed97346b48c152d75e2c969e5597b914b33d8b3.pdf",
		"text": "https://archive.orkl.eu/aed97346b48c152d75e2c969e5597b914b33d8b3.txt",
		"img": "https://archive.orkl.eu/aed97346b48c152d75e2c969e5597b914b33d8b3.jpg"
	}
}