Putin’s ‘ferocious’ hackers target energy infrastructure with cyberattacks

The Kremlin's main hacker collective is taking liberties and launching unusual cyberattacks against Europe and the United States. These intelligence agents then claim responsibility for their attacks, exaggerating the impact.

Sandworm continues to “represent one of the largest and most serious cyber threats globally”. On April 17, the American company Mandiant, owned by Google, published a full report on one of the Kremlin's most famous hacker groups, APT44, better known by the nickname “Sandworm”.


Cyber experts have analyzed the activities of Russian military intelligence hackers and found that the group no longer sticks to operations on strategic targets. Google indicates that several Russian Telegram channels with an ultranationalist tendency are run by these same Kremlin agents.

“APT44 cultivates hacktivist identities that serve as assets for its subsequent information operations. It has gone through at least three main hacktivist-style Telegram channels to claim responsibility for its disruptive wartime operations,” notes the report.

On these same channels, the hackers post stolen data, boast, and exaggerate their attacks. They even claim attacks that go beyond the ordinary framework of their missions for the Kremlin. In January 2024, for example, the IT system of a water tower in Texas was the victim of a cyberattack and the tank overflowed for almost half an hour before teams were able to stop the incident.

Mandiant is not able, at this time, to independently verify the claimed intrusion activity. “However, we note that relevant U.S. government officials subsequently publicly acknowledged the incidents at the entities featured as victims in the CyberArmyofRussia_Reborn video,” notes Mandiant.


Russian Sandworm hackers wanted by FBI. // Source: FBI

A completely failed cyberattack in France

Another attack, this time, targeted France. The Sandworm hackers claimed responsibility for an attack on a dam in Burgundy, in the Yonne department. However, Le Monde reveals that it was only a mill in the village of Courlon-sur-Yonne. “In the village, no one noticed anything. Analysis of the images shows that the attack essentially made it possible to lower the level upstream by 20 centimeters,” the article reads.

According to Google cyber experts, these new operations aim at “making GRU (Russian military intelligence) capabilities appear more powerful through exaggerated impact claims.”

However, these unique acts must be closely monitored. Asked by Wired, John Hultquist, chief analyst at Google, states that “someone who uses this fake (hacktivist) identity is doing very aggressive things on a global scale. It could ultimately cause a very serious incident.” Even if these operations were carried out independently by Kremlin agents, Putin's doctrine has shown that anything that disrupts the West, directly or indirectly, serves Russia's interests.

