This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage...

Threat Actor Profile

Sandworm

State-sponsored threat group originating from RU. Suspected sponsor: Russian Federation. Known to target Private sector, Government.

2 Industries Tracked Real-Time Alerts

Actor Overview

Origin Country
RU
Suspected Sponsor
Russian Federation
Incident Types
Espionage

Target Industries

Private sectorGovernment

Suspected Victims

RussiaLithuaniaKyrgyzstanIsraelUkraineBelarusKazakhstanGeorgiaPolandAzerbaijanIran

Related Threat Reports

Premium
APT Campaign Analysis - Q4 2025Dec 2025
New Tactics Observed in WildDec 2025
Infrastructure Mapping ReportDec 2025
Stay Updated

Get alerts when new intel on Sandworm is published.

Actor Details

Primary Name
Sandworm
Known Aliases
Quedagh, VOODOO BEAR, TEMP.Noble, IRON VIKING, G0034, ELECTRUM, TeleBots, IRIDIUM, Blue Echidna, FROZENBARENTS, UAC-0113, Seashell Blizzard, UAC-0082, APT44
Data Source
Precursor Intelligence
Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →