Decipher’s Lindsey O’Donnell-Welch and Mandiant analysts Dan Black and Gabby Roncone reflect on the most pivotal moments from Sandworm over the last decade, from NotPetya to the Ukraine electric power grid attacks.
Recent activity by the well-known Sandworm group - which researchers with Mandiant have started calling APT44 - relies on a mix of espionage efforts and hacktivist personas.
The Winter Vivern APT group has been targeting a zero-day XSS vulnerability in the Roundcube webmail server in recent weeks.
Fixes for both the Zoho and Fortinet vulnerabilities have been available since last year.
While the APT has targeted dozens of organizations in Taiwan, researchers with Microsoft warn that its tactics could easily be used in campaigns in other areas.