Cyber Resilience


Sandworm Team · G0034 · state

🇷🇺 RU · GRU · Unit 74455

aka Sandworm Team, ELECTRUM, Telebots, IRON VIKING, BlackEnergy (Group), Quedagh, Voodoo Bear, IRIDIUM, Seashell Blizzard, FROZENBARENTS, APT44, Sandworm, TEMP.Noble, G0034, Blue Echidna, UAC-0113, UAC-0082

Last updated: 2026-07-03

- Attributed CVEs: 2
- ATT&CK techniques: 109
- IDF score (tooling uniqueness): 3.9
- Exclusive CVEs: 0
- Years active: 2010–2026

About this actor

[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020) In October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)

Source: MITRE ATT&CK

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2010-3333 (KEV) | 10.0 | 7.8 | 0.9740 | 2010-11-10 | see CVE |
| CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |

Mitigating controls (NIST 800-53)

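| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 64 / 109 | 59% |
| CM-6 | 53 / 109 | 49% |
| CM-2 | 50 / 109 | 46% |
| SI-3 | 47 / 109 | 43% |
| AC-3 | 42 / 109 | 39% |
| CA-7 | 42 / 109 | 39% |
| CM-7 | 40 / 109 | 37% |
| AC-6 | 39 / 109 | 36% |
| AC-4 | 32 / 109 | 29% |
| SC-7 | 30 / 109 | 28% |
| SI-7 | 30 / 109 | 28% |
| AC-2 | 28 / 109 | 26% |
| IA-2 | 21 / 109 | 19% |
| AC-5 | 20 / 109 | 18% |
| CM-5 | 19 / 109 | 17% |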
