Not Simon 🐐

Country: Russia Organization: Military Unit 74455, of the Main Center for Special Technologies (GTsST), of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), formerly known as the Main Intelligence Directorate Objective: Espionage, Attack, Influence Operations

Aliases:

• UAC-0133 (CERT-UA)
• Sandworm Team (Trend Micro, MITRE)
• Sandworm (ESET, Rapid7)
• Iron Viking (SecureWorks)
• CTG-7263 (SecureWorks)
• APT44 (Google Cloud, Mandiant)
• FROZENBARENTS (Google Threat Analysis Group)
• IRIDIUM (formerly used by Microsoft)
• Seashell Blizzard (Microsoft)
• Voodoo Bear (CrowdStrike)
• ELECTRUM (Dragos)
• Quedagh
• Black Energy (Group)
• TEMP.Noble

Personas Used

• Cyber Army of Russia Reborn

Identified Members

• Yuriy Sergeyevich Andrienko:
  • Rewards for Justice
  • FBI Most Wanted
• Sergey Vladimirovich Detistov:
  • Rewards for Justice
  • FBI Most Wanted
• Pavel Valeryevich Frolov:
  • Rewards for Justice
  • FBI Most Wanted
• Anatoliy Sergeyevich Kovalev:
  • Rewards for Justice
  • FBI Most Wanted
• Artem Valeryevich Ochichenko:
  • Rewards for Justice
  • FBI Most Wanted
• Petr Nikolayevich Pliskin:
  • Rewards for Justice
  • FBI Most Wanted

Links

• U.S. Department of Defense: New Sandworm malware Cyclops Blink replaces VPNFilter (PDF, February 23, 2022)
• U.S. Department of Justice:
  • Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace (October 19, 2020)
  • Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) (April 6, 2022)
• CISA: Infamous Chisel Malware Analysis Report (August 31, 2023)
• NSA: Government Agencies Report New Russian Malware Targets Ukrainian Military (August 31, 2023)
• NCSC-UK: New Sandworm malware Cyclops Blink replaces VPNFilter (February 23, 2022)