SandCat was caught by Kaspersky lab due to bad operational security
The military group, named SandCat, reportedly having ties to Uzbekistan State Security Service (SSS), was detected by Kaspersky lab while developing ransomware for an attack. It installed Kaspersky antivirus on machines used for preparing cyberattack and writing malicious code that was detected and grabbed by security researchers. Bad operational security of the military group led to the discovery of 4 zero-day exploits purchased by SandCat making them useless. Also, it was found that the same exploits were used in Saudi Arabia and the UAE.