{
	"id": "6605b3f9-0746-4db9-a91a-273e19840fcf",
	"created_at": "2026-04-06T00:21:49.763004Z",
	"updated_at": "2026-04-10T13:12:37.726817Z",
	"deleted_at": null,
	"sha1_hash": "d022e9b2a8bcc422971145fd42041c90774d1c85",
	"title": "France Ties Russia's Sandworm to a Multiyear Hacking Spree",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1998919,
	"plain_text": "France Ties Russia's Sandworm to a Multiyear Hacking Spree\r\nBy Andy Greenberg\r\nPublished: 2021-02-15 · Archived: 2026-04-05 23:50:31 UTC\r\nFeb 15, 2021 3:10 PM\r\nA French security agency warns that the destructively minded group has exploited an IT monitoring tool from\r\nCentreon.\r\nCentreon's client list includes telecoms, airlines, and a nuclear power firm.ERIC PIERMONT\r\nThe Russian military hackers known as Sandworm, responsible for everything from blackouts in Ukraine to\r\nNotPetya, the most destructive malware in history, don't have a reputation for discretion. But a French security\r\nagency now warns that hackers with tools and techniques it links to Sandworm have stealthily hacked targets in\r\nthat country by exploiting an IT monitoring tool called Centreon—and appear to have gotten away with it\r\nundetected for as long as three years.\r\nYou’ve read your last free article.\r\nhttps://www.wired.com/story/sandworm-centreon-russia-hack/\r\nPage 1 of 3\n\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters—cancel anytime.\r\nSTART FREE TRIAL\r\nAlready a subscriber? Sign In\r\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters START FREE TRIAL\r\nhttps://www.wired.com/story/sandworm-centreon-russia-hack/\r\nPage 2 of 3\n\nAndy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author\r\nof the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New\r\nEra of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books ... Read More\r\nDon't Just Keep Up. Get Ahead\r\nSign up for the Daily newsletter to get our biggest stories, handpicked for you each day.\r\nRead More\r\nSource: https://www.wired.com/story/sandworm-centreon-russia-hack/\r\nhttps://www.wired.com/story/sandworm-centreon-russia-hack/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.wired.com/story/sandworm-centreon-russia-hack/"
	],
	"report_names": [
		"sandworm-centreon-russia-hack"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434909,
	"ts_updated_at": 1775826757,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d022e9b2a8bcc422971145fd42041c90774d1c85.pdf",
		"text": "https://archive.orkl.eu/d022e9b2a8bcc422971145fd42041c90774d1c85.txt",
		"img": "https://archive.orkl.eu/d022e9b2a8bcc422971145fd42041c90774d1c85.jpg"
	}
}