Group: Sandworm, ELECTRUM

Sandworm, ELECTRUM
Group
ID G0007
Associated Groups Sandworm, ELECTRUM
External Contributors Dragos Threat Intelligence

Sandworm is a threat group associated with the Kiev, Ukraine electrical transmission substation attacks, which impacted electric grid operations on December 17th, 2016.[1][2] Sandworm has been cited as the author of the Industroyer malware, which was used in the 2016 Ukraine attacks.[3]

Associated Group Descriptions

  • Sandworm [4]
  • ELECTRUM [1]

Techniques Used

  • Internet Accessible Device - Sandworm actors exploited vulnerabilities in GE's Cimplicity HMI and Advantech/Broadwin WebAccess HMI software, which had been directly exposed to the internet.[5][6]

Software