🇷🇺

Sandworm Team

APT Group Information theft and espionage Sabotage and destruction ETDA ✓

Also Known As 10 names

APT44 IRON VIKING ELECTRUM Telebots FROZENBARENTS Seashell Blizzard IRIDIUM Quedagh BlackEnergy (Group) Voodoo Bear

Target Countries 56

Countries highlighted in red

Afghanistan Angola Argentina Austria Australia Azerbaijan Bangladesh Belgium Bulgaria Belarus Canada China Colombia Germany Denmark Egypt Spain Finland France Georgia Ghana Hungary Israel India Islamic Republic of Iran Italy Kyrgyzstan Cambodia Republic of Korea Kazakhstan Lithuania Luxembourg Latvia Republic of Moldova Myanmar Mexico Malaysia Nigeria Netherlands Norway Oman Peru Pakistan Poland Portugal Paraguay Romania Serbia Sweden Thailand Turkey Province of China Taiwan Ukraine United States Uzbekistan Vietnam

Sectors Targeted

Motion Picture and Video Production 51211 Environmental Consulting Services 54162 Remediation and Other Waste Management Services 5629 National Security and International Affairs 928110 Telecommunications Industrial Sporting and Athletic Goods Manufacturing 339920 Data Processing, Hosting, and Related Services 51821 Government Other Amusement and Recreation Industries 7139 Education Computer Systems Design Services 541512 Internet Publishing and Broadcasting and Web Search Portals 51913 Energy Periodical Publishers 51112

Details

Origin 🇷🇺 RU
Last Updated 20 Mar 2026

Malware Families 15

grey_energy
arguepatch
exaramel
hermeticwiper
teledoor
dnwipe
zhmimikatz
cyclops_blink
telebot
olympic_destroyer
pas
eternal_petya
lazarus_killdisk
roar_bat
swiftslicer

MITRE ATT&CK 134

T1003 T1003.001 T1003.003 T1005 T1018 T1021 T1021.002 T1027 T1027.002 T1027.010 T1033 T1036 T1036.004 T1036.005 T1036.008 T1036.010 T1040 T1041 T1047 T1049 T1053 T1053.005 T1055 T1056 T1056.001 T1059 T1059.001 T1059.003 T1059.005 T1070 T1070.004 T1071 T1071.001 T1072 T1078 T1078.002 T1082 T1083 T1087 T1087.002 T1087.003 T1090 T1095 T1098 T1102 T1102.002 T1105 T1106 T1110 T1112 T1132 T1132.001 T1133 T1136 T1136.002 T1140 T1190 T1195 T1195.002 T1199 T1203 T1204 T1204.001 T1204.002 T1213 T1213.006 T1218 T1218.011 T1219 T1484 T1484.001 T1485 T1486 T1489 T1490 T1491 T1491.002 T1499 T1505 T1505.001 T1505.003 T1539 T1543 T1543.002 T1543.003 T1554 T1555 T1555.003 T1561 T1561.002 T1562 T1562.001 T1562.002 T1566 T1566.001 T1566.002 T1570 T1571 T1572 T1583 T1583.001 T1583.004 T1584 T1584.004 T1584.005 T1585 T1585.001 T1585.002 T1586 T1586.001 T1587 T1587.001 T1588 T1588.002 T1588.006 T1589 T1589.002 T1589.003 T1590 T1590.001 T1591 T1591.002 T1592 T1592.002 T1593 T1594 T1595 T1595.002 T1598 T1598.003 T1608 T1608.001 T1685 T1685.001

Related Zero-Days

No zero-day CVE linked to this actor