Russian military-linked hackers target critical infrastructure worldwide
The Cyber Army of Russia Reborn, a hacker group linked to the infamous Sandworm, is targeting water utilities and hydroelectric dams in the USA, Europe, and Poland, Microsoft said.
In recent years, Sandworm, an APT linked to Russia’s military intelligence unit, has become infamous for its disruptive cyberattacks, including triggering blackouts in Ukraine and unleashing the NotPetya attack. A faction linked to Sandworm, the Cyber Army of Russia Reborn, has escalated its digital assaults, directly targeting hydroelectric dams in France and water utilities in the US and Poland, altering system settings and flipping switches to sabotage critical infrastructure.
The group, identified in a recent report by cybersecurity firm Mandiant, has posted videos on Telegram showcasing its manipulation of human-machine interfaces, software systems that control the physical machinery in the networks of the targeted critical infrastructure. Nonetheless, the extent of the damage remains undisclosed.
While the exact relationship between Sandworm and the Cyber Army of Russia Reborn is uncertain, Mandiant’s findings suggest a connection, with evidence indicating Sandworm’s involvement in the hacker group’s creation and support. In contrast to Sandworm’s more calculated approach, the Cyber Army of Russia Reborn appears more reckless, actively tampering with operational technology systems and targeting US infrastructure directly.
As the Cyber Army of Russia Reborn continues its aggressive operations, Sandworm itself has shifted focus towards espionage and support for Russia’s military efforts in Ukraine. However, the independence of the Cyber Army of Russia Reborn raises concerns about the potential for unforeseen incidents, highlighting the evolving landscape of cyberwarfare and the challenges posed by state-sponsored hacking groups operating beyond traditional military confines.