
Imagine you are in the office, in front of your computer, focused on your work, when all of a sudden your computer reboots. This time it doesn’t come back to a login screen; instead it shows a ransomware message.
What do you do now?
Youtube Link to book review for Sandworm.
One of my favorite books I read last year was “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers” by Andy Greenberg. I highly recommend this book not only for Cyber Security and Tech professionals but also for anyone who wants to better understand the motives and evolution of hacking groups around the world. It reads like a true crime story and provides a good background for understanding how the hacking group evolved and was able to launch a devastating attack.
Who is Sandworm?
Sandworm, also known as APT28 and Fancy Bear, is a state-sponsored hacking group that is believed to operate on behalf of the Russian government. Other countries have their state-sponsored groups as well but in this article we will only focus on Sandworm. Investigations show that the group has been active since at least 2007 although it could be an evolution of another set of groups. They have been linked to a number of high-profile cyberattacks against governments, military organizations, and other targets around the world.
What are their motives?
According to experts, Sandworm has primarily been motivated by geopolitical objectives and has been used as a tool of Russian statecraft. The group has been used to gather intelligence, disrupt critical infrastructure, and spread propaganda and disinformation. Some of the specific goals that Sandworm has been associated with include:
- Gathering intelligence on governments and military organizations in order to advance Russian interests
- Disrupting the operations of governments and military organizations in order to weaken their ability to resist Russian aggression
- Spreading propaganda and disinformation in order to shape public opinion in favor of Russian policies
- Sabotaging critical infrastructure in order to disrupt the economies and societies of targeted countries
Overall, Sandworm’s activities have been aimed at furthering the interests of the Russian state and undermining the security and stability of other countries.
Hackers and Software Development - Evolving from Mimikatz
Mimikatz is a tool that can be used to obtain the passwords of Windows users, allowing an attacker to gain unauthorized access to a system. It was developed by French security researcher Benjamin Delpy and has been used by a variety of hacking groups, including Sandworm.
It is not clear exactly how Sandworm came to use Mimikatz in its operations. However, Mimikatz has become a popular tool among hackers due to its effectiveness at extracting passwords, and it is likely that Sandworm, like many other groups, adopted it as a means of gaining access to targeted systems.
Once Mimikatz has been used to obtain passwords, an attacker can use them to log into systems and gain access to sensitive data, install malware, or perform other malicious actions. Sandworm and other groups have used Mimikatz as part of their toolkit for conducting cyber espionage and other types of attacks.
Damage and Impact
Maersk, a Danish shipping and logistics company, was one of the organizations that was significantly impacted by the NotPetya cyberattack in 2017. NotPetya was a strain of ransomware that was initially spread through a software update mechanism for a Ukrainian accounting program, but it quickly spread to other countries and caused widespread damage to businesses and government organizations around the world.
Maersk was one of the hardest hit companies, with the attack causing significant disruption to its operations. The attack encrypted the company’s data and rendered its systems inoperable, resulting in the shutdown of a number of its critical systems, including its email and financial systems. The company estimated that the attack cost it upwards of $300 million in lost revenue and expenses related to the recovery effort.
In the aftermath of the attack, Maersk worked to restore its systems and rebuild its operations, but the damage caused by the attack took months to fully repair. The incident highlights the significant risks and costs that businesses can face as a result of cyberattacks.
