Full Report
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report
Analysis Summary
# Threat Actor: Sandworm
## Attribution & Identity
* **Attribution:** Russia-aligned group.
* **Aliases/Associations:** Not specified beyond the primary name.
## Activity Summary
* The actor deployed several data wipers against Ukraine's grain sector during the reporting period (April to September 2025).
* This activity is characterized as an attempt to harm the Ukrainian economy.
## Tactics, Techniques & Procedures
* **Specific TTPs:** Deployment of data wipers.
* **MITRE ATT&CK IDs:** Not mentioned in the provided text.
## Targeting
* **Sectors:** Grain sector (Agriculture/Critical Infrastructure).
* **Geography:** Ukraine.
* **Victims:** Entities within the Ukrainian grain sector.
## Tools & Infrastructure
* **Malware Families Used:** Data wipers (specific names not provided).
* **Infrastructure:** Not mentioned in the provided text.
## Implications
* Sandworm demonstrates a focus on kinetic disruption and economic sabotage against specific national sectors, indicating high-level objective alignment with Russian state interests.
## Mitigations
* Specific mitigations were not detailed in the provided excerpt, but the use of data wipers implies a critical need for robust backup and recovery strategies, especially for critical infrastructure sectors like agriculture.