Digital Shadows maps out MITRE ATT&CK to SandWorm APT's campaign
On Thursday, October 15th, the United States Department of Justice (DoJ) indicted six Russian military officers connected to the SandWorm advanced persistent threat (APT) group, a threat group attributed to Russia’s Main Intelligence Directorate (GRU). According to the indictment, beginning in or around November 2015 and continuing until at least in or around October 2019, the defendants and their co-conspirators deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorized access to victim computers (hacking).
Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.