Sandworm: this is the name of a group of hackers linked to Russian intelligence services, fast becoming a global threat to cybersecurity. In a report published Wednesday, April 17, Mandiant, a Google subsidiary, said it had spotted malicious operations carried out by this group in different locations around the world, considered political, military or economic hotspots for Russian interests. “We observed the group conducting espionage operations in North America, Europe, the Middle East, Central Asia and Latin America,” Mandiant researchers said in their report.
Possible electoral interference
The activities of the hacker group are all the more worrying as the year 2024 is due to see several crucial electoral votes. “With record numbers of people participating in national elections in 2024, Sandworm’s history of attempting to interfere in democratic processes further increases the severity of the threat the group may pose in the near term,” Mandiant says.
Five years ago, a dozen Russian military intelligence officers were indicted in the United States on charges stemming from their alleged interference in the 2016 American presidential election that brought Donald Trump to the White House, according to the FBI.
Active in the war in Ukraine
Sandworm has repeatedly targeted Western electoral institutions, including those of current and future NATO member countries, according to the Mandiant report. The group has “attempted to interfere with democratic processes in some countries by disclosing politically sensitive information and deploying malware to access election systems and distort election data.”
These hackers are also particularly sought after by the Russian army in its war in Ukraine. Sandworm “is actively engaged in the full range of espionage, attack and influence operations.” In 2022, Ukraine had already announced that it had foiled a Russian cyberattack carried out by Sandworm, targeting one of its largest energy installations.
“We assess with great confidence that (Sandworm) is viewed by the Kremlin as an agile instrument of power, capable of serving Russia’s national interests and ambitions, including efforts to undermine democratic processes around the world,” conclude the researchers.
Targeting France
The group also plays a propaganda role, however, not hesitating to exaggerate on its broadcast channels the scope of the operations it carries out. It would appear that Sandworm attempted to target French energy infrastructure, but without achieving the expected success. According to an investigation by Le Monde, the group claimed on Russian social networks, at the beginning of March 2024, to have managed to take control of the Courlon-sur-Yonne (Yonne) hydroelectric power station.
But according to investigators, the hackers actually attacked… a mill. “In the village, no one noticed anything. And for good reason: the analysis of the images shows that the attack essentially made it possible to lower the level upstream by 20 centimeters,” reports the newspaper, which explains that it is very hard to hack this type of installation remotely, because they benefit from physical security.
Still according to Le Monde, between January and April the Telegram channel managed by Sandworm also claimed “computer attacks against water treatment or distribution installations in Poland and the United States”, including this time “the distribution system and water storage facility serving several rural communities in Texas”, a more serious attack, which could have caused considerable damage.
Mandiant’s report thus serves as a reminder of the danger posed by this unit of elite hackers linked to Russian intelligence. Its activities, such as attempts to influence elections or retaliation against international sports bodies in athlete doping controversies, suggest “there is no limit to the nationalist impulses” that can drive the program of Sandworm, according to the report.