File size: 9,678 Bytes
5fe70fd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
{
"type": "bundle",
"id": "bundle--8b7af9cc-74d3-4224-9d6b-8270ac0079a8",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-08T22:12:31.238Z",
"name": "Sandworm Team",
"description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)",
"aliases": [
"Sandworm Team",
"ELECTRUM",
"Telebots",
"IRON VIKING",
"BlackEnergy (Group)",
"Quedagh",
"Voodoo Bear",
"IRIDIUM"
],
"x_mitre_deprecated": false,
"x_mitre_version": "3.0",
"x_mitre_contributors": [
"Dragos Threat Intelligence"
],
"type": "intrusion-set",
"id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
"created": "2017-05-31T21:32:04.588Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0034",
"external_id": "G0034"
},
{
"source_name": "Voodoo Bear",
"description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "ELECTRUM",
"description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "Sandworm Team",
"description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "Quedagh",
"description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "IRIDIUM",
"description": "(Citation: Microsoft Prestige ransomware October 2022)"
},
{
"source_name": "BlackEnergy (Group)",
"description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "Telebots",
"description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "IRON VIKING",
"description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "US District Court Indictment GRU Oct 2018",
"description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.",
"url": "https://www.justice.gov/opa/page/file/1098481/download"
},
{
"source_name": "Dragos ELECTRUM",
"description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.",
"url": "https://www.dragos.com/resource/electrum/"
},
{
"source_name": "F-Secure BlackEnergy 2014",
"description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.",
"url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf"
},
{
"source_name": "iSIGHT Sandworm 2014",
"description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.",
"url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html"
},
{
"source_name": "CrowdStrike VOODOO BEAR",
"description": "Meyers, A. (2018, January 19). Meet CrowdStrike\u2019s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.",
"url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/"
},
{
"source_name": "Microsoft Prestige ransomware October 2022",
"description": "MSTIC. (2022, October 14). New \u201cPrestige\u201d ransomware impacts organizations in Ukraine and Poland. Retrieved January 19, 2023.",
"url": "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/"
},
{
"source_name": "InfoSecurity Sandworm Oct 2014",
"description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian \u2018Sandworm\u2019 Hackers. Retrieved October 6, 2017.",
"url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/"
},
{
"source_name": "NCSC Sandworm Feb 2020",
"description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.",
"url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory"
},
{
"source_name": "USDOJ Sandworm Feb 2020",
"description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.",
"url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html"
},
{
"source_name": "US District Court Indictment GRU Unit 74455 October 2020",
"description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.",
"url": "https://www.justice.gov/opa/press-release/file/1328521/download"
},
{
"source_name": "Secureworks IRON VIKING ",
"description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.",
"url": "https://www.secureworks.com/research/threat-profiles/iron-viking"
},
{
"source_name": "UK NCSC Olympic Attacks October 2020",
"description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.",
"url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_domains": [
"ics-attack",
"enterprise-attack",
"mobile-attack"
],
"x_mitre_attack_spec_version": "3.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
} |