Sandworm Team · G0034 · state
🇷🇺 RU · GRU · Unit 74455
aka Sandworm Team, ELECTRUM, Telebots, IRON VIKING, BlackEnergy (Group), Quedagh, Voodoo Bear, IRIDIUM, Seashell Blizzard, FROZENBARENTS, APT44, Sandworm, TEMP.Noble, G0034, Blue Echidna, UAC-0113, UAC-0082
Last updated: 2026-07-03
About this actor
[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020) In October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)
Source: MITRE ATT&CK
Activity timeline
- 2026 — 1 CVE published
- 2022 — 1 KEV added
- 2010 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2010-3333 KEV | 10.0 | 7.8 | 0.9740 | 2010-11-10 | see CVE |
| CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |

T1003, T1003.001, T1003.003, T1005, T1018, T1021, T1021.002, T1027, T1027.010, T1033, T1036, T1036.005, T1040, T1041, T1047, T1049, T1053, T1053.005, T1056, T1056.001, T1059, T1059.001, T1059.005, T1070, T1070.004, T1071, T1071.001, T1072, T1078, T1078.002, T1082, T1083, T1087, T1087.002, T1087.003, T1090, T1102, T1102.002, T1105, T1106, T1132, T1132.001, T1133, T1140, T1190, T1195, T1195.002, T1199, T1203, T1204, T1204.001, T1204.002, T1213, T1213.006, T1218, T1218.011, T1219, T1485, T1486, T1489, T1490, T1491, T1491.002, T1499, T1505, T1505.003, T1539, T1555, T1555.003, T1561, T1561.002, T1566, T1566.001, T1566.002, T1570, T1571, T1583, T1583.001, T1583.004, T1584, T1584.004, T1584.005, T1585, T1585.001, T1585.002, T1586, T1586.001, T1587, T1587.001, T1588, T1588.002, T1588.006, T1589, T1589.002, T1589.003, T1590, T1590.001, T1591, T1591.002, T1592, T1592.002, T1593, T1594, T1595, T1595.002, T1598, T1598.003, T1608, T1608.001
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 64 / 109 | 59% |
| CM-6 | 53 / 109 | 49% |
| CM-2 | 50 / 109 | 46% |
| SI-3 | 47 / 109 | 43% |
| AC-3 | 42 / 109 | 39% |
| CA-7 | 42 / 109 | 39% |
| CM-7 | 40 / 109 | 37% |
| AC-6 | 39 / 109 | 36% |
| AC-4 | 32 / 109 | 29% |
| SC-7 | 30 / 109 | 28% |
| SI-7 | 30 / 109 | 28% |
| AC-2 | 28 / 109 | 26% |
| IA-2 | 21 / 109 | 19% |
| AC-5 | 20 / 109 | 18% |
| CM-5 | 19 / 109 | 17% |
Co-occurring actors
- Naikon: 1 shared CVE
- Scarlet Mimic: 1 shared CVE
- Transparent Tribe: 1 shared CVE
- Aoqin Dragon: 1 shared CVE
- Mustang Panda: 1 shared CVE
- SolarWinds Compromise: 1 shared CVE
- APT38: 1 shared CVE
- Tonto Team: 1 shared CVE
- Ember Bear: 1 shared CVE
- GOLD SOUTHFIELD: 1 shared CVE
Similar actors
Similar TTPs
- Magic Hound 0.42
- APT32 0.35
- Lazarus Group 0.34
- Kimsuky 0.33
- OilRig 0.33
Active in same years
- APT29 3.00
- Threat Group-3390 3.00
- Naikon 2.00
- Equation 2.00
- Scarlet Mimic 2.00
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00