Summary: A subgroup of the Russian hacking group Sandworm has conducted a multi-year campaign targeting critical infrastructure in the U.S. and Europe, aiming to gain initial access to strategic organizations across various sectors. Microsoft warns that this group’s activities support Russia’s military objectives and pose significant risks to global security. The report highlights the evolving tactics and wide-ranging implications of these cyber operations, which have shown a concerning departure from Russia’s typical cyber behavior.
Affected: U.S. and European critical infrastructure organizations, including energy, telecommunications, and government sectors.
Key points:
- Sandworm has exploited vulnerabilities in key software systems to maintain access to high-priority targets since at least 2013.
- The group has expanded its operations beyond Eastern Europe, with recent targeting focusing on the U.S., Canada, Australia, and the U.K.
- Its tactics include using remote management tools for persistent access, and that access may precede destructive attacks aimed at leveraging geopolitical tensions.
Source: https://therecord.media/sandworm-subgroup-russia-europe