Tuesday, December 6, 2022

Who is the Sandworm hacker group and Why are they resurfacing again?

The Sandworm hacker group is a Russia-based cyber espionage and sabotage group that has been linked to various high-profile hacking incidents over the past few years. In this article, we’ll take a look at who the Sandworm hacker group is, what they’re known for, and why they’re resurfacing again. Many of the targets of Sandworm’s attacks have been countries that are opposed to Russia.

Who is the Sandworm hacker group?

Sandworm is a prolific and notorious hacking group that has been active since at least 2012. The group is believed to be responsible for many high-profile attacks, including the NotPetya malware outbreak in 2017.

In recent months, the group has resurfaced with a new campaign targeting energy companies in the United States and Europe. The campaign, which appears to be ongoing, has raised concerns about Sandworm’s continued activity and its potential to cause widespread damage.

While little is known about the group’s members or motivations, Sandworm has been linked to the Russian military intelligence agency known as the GRU. This connection raises serious questions about the group’s capabilities and intentions, particularly given its apparent willingness to carry out destructive attacks. Given its history of malicious activity, Sandworm is a group that should be closely monitored by security professionals and institutions.

Why is the Sandworm group resurfacing once more?

This group, named after the malware they used to attack NATO computers, first came to light when they were responsible for a series of cyber-attacks against Ukrainian targets in late 2014. These attacks were notable not only for their sophistication but also for their political motivation; it was clear that the folks behind Sandworm were trying to destabilize Ukraine as part of Russia’s ongoing effort to undermine its Western-backed government.

Now, it seems that Sandworm is back and up to its old tricks. In the past few weeks, there has been a spate of attacks attributed to the group, including one against a French television station and another against Poland’s national airline. And while it’s still early days, there are indications that these latest attacks may be even more ambitious than those carried out last year.

The Sandworm hacking group, a Russian group, has resurfaced after decades of attempted blackouts in Ukraine. They are responsible for the blackout that occurred a week before Christmas in 2016.

Among the many hacker groups targeting Ukraine, one group that has stood out is Sandworm. The last time they appeared, it was with their Industroyer and Crash Override malware, used to target high-voltage electrical substations in Ukraine.

In the most recent attack, it was noted that the Russian cyberattack team is the most aggressive in its attempts to cause these blackouts. Previously, there have only been two successful attacks on Ukraine’s power grid, and both had confirmed evidence that they were caused by hackers.

What was malware doing before February?

The malware was planted on the systems of a Ukrainian energy firm, but the attack did not succeed. CERT-UA was able to detect and prevent the attack before any harm could be done.

What is being done to combat hacking in Ukraine?

The hackers attempted to destroy the data on the utility’s computers. Luckily, CERT-UA, which was aware of the issue, managed to catch it before the wiper malware could be used.

The industry is not immune to hackers trying to destroy critical infrastructure, this time with Industroyer malware in Ukraine.

ESET has a malware database for monitoring and has global technical support to offer scalable, flexible SaaS security management to protect organizations against destructive attacks.

The Sandworm hacker group is a dangerous cybercrime organization that has been active for several years. They have resurfaced again and are now targeting critical infrastructure, which could have devastating consequences.