{"id":50331,"date":"2023-01-30T22:32:00","date_gmt":"2023-01-30T22:32:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/russia-sandworm-apt-swarm-wiper-attacks-ukraine"},"modified":"2023-01-30T22:32:00","modified_gmt":"2023-01-30T22:32:00","slug":"russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/","title":{"rendered":"Russia&#8217;s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0983a09c8dc727e9\/63d835e2c4f1c1744a725b8b\/eraser_JIMBO_EKAPAT_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Sandworm, an advanced persistent threat (APT) group linked to Russia&#8217;s foreign military intelligence agency GRU, has&nbsp;deployed a medley of five different wipers on systems belonging to Ukraine&#8217;s national news agency Ukrinform.&nbsp;<\/p>\n<p>The attack was one of two recent wiper offensives from Sandworm in the country. The efforts are&nbsp;the latest indications that the use of destructive wiper malware is on the rise, as&nbsp;a popular weapon among Russian cyber-threat actors. The goal is to cause&nbsp;irrevocable damage to the&nbsp;operations of targeted organizations in Ukraine, as part of Russia&#8217;s broader military objectives in the country.<\/p>\n<h2 class=\"regular-text\">A Medley of Wipers<\/h2>\n<p>According to&nbsp;Ukraine&#8217;s Computer Emergency Response Team (CERT-UA), the Ukrinform attack&nbsp;was only partially successful and ended up not impacting operations at the news agency. 
But had the wipers worked as intended, they would have erased and overwritten data on all the infected systems and essentially rendered them useless.<\/p>\n<p>CERT-UA&nbsp;<a href=\"https:\/\/cert.gov.ua\/article\/3718487\" target=\"_blank\" rel=\"noopener\">reported the attack<\/a> publicly last Friday after Ukrinform asked it to investigate the incident on Jan. 17. In an advisory, CERT-UA identified the five wiper variants that Sandworm had installed on the news agency&#8217;s systems as CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe. Of these, the first three targeted Windows systems, while AwfulShred and BidSwipe took aim at Linux and FreeBSD systems at Ukrinform. Interestingly,&nbsp;SDelete is a legitimate command line utility for securely deleting Windows files.<\/p>\n<p>&#8220;It was found that the attackers made an unsuccessful attempt to disrupt the regular operation of users&#8217; computers using the CaddyWiper and ZeroWipe malicious programs, as well as the legitimate SDelete utility,&#8221; a translated version of CERT-UA&#8217;s advisory noted. &#8220;However, it was only partially successful, in particular, to several data storage systems.&#8221;<\/p>\n<h2 class=\"regular-text\">&#8220;SwiftSlicer&#8221; Wiper Comes to Light<\/h2>\n<p>Separately, ESET disclosed another attack last week where the Sandworm group deployed a <a href=\"https:\/\/www.welivesecurity.com\/2023\/01\/27\/swiftslicer-new-destructive-wiper-malware-ukraine\/\" target=\"_blank\" rel=\"noopener\">brand-new wiper dubbed SwiftSlicer<\/a> in a highly targeted attack against an unidentified Ukrainian organization. In the attack, the Sandworm group distributed the malware via a group policy object, suggesting that the threat actor has already gained control of the victim&#8217;s Active Directory environment, ESET said. 
CERT-UA had described Sandworm as employing the same tactic to try and deploy CaddyWiper on Ukrinform&#8217;s systems.<\/p>\n<p>Once executed, SwiftSlicer deletes shadow copies, recursively overwrites files in system and non-system drives, and then reboots the computer, ESET noted. &#8220;For overwriting it uses 4096 bytes length block filled with randomly generated byte(s),&#8221; the security vendor said.<\/p>\n<p>Sandworm&#8217;s use of disk wiper malware in its campaigns against Ukrainian organizations is one indication of the destructive power that threat actors perceive these tools as having. Sandworm is a well-known, state-backed threat actor that became infamous&nbsp;for its high-profile attacks on Ukraine&#8217;s power infrastructure, with malware such as <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/questions-remain-on-how-cyberattack-caused-ukraine-blackout\" target=\"_blank\" rel=\"noopener\">BlackEnergy<\/a>, <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/3-years-after-attacks-on-ukraine-power-grid-blackenergy-successor-poses-growing-threat\" target=\"_blank\" rel=\"noopener\">GreyEnergy<\/a>, and, more recently, <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/first-malware-designed-solely-for-electric-grids-caused-2016-ukraine-outage\" target=\"_blank\" rel=\"noopener\">Industroyer<\/a>.<\/p>\n<p>Sandworm&#8217;s rampant use of disk wipers in its new campaigns is consistent with a broader increase in threat actor use of such malware in both the <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/cyberattacks-in-ukraine-could-soon-spillover-to-other-countries\" target=\"_blank\" rel=\"noopener\">weeks leading up to Russia&#8217;s invasion<\/a> of Ukraine, and in the months since then.<\/p>\n<p>At a session during Black Hat Middle East &amp; Africa last November, Max Kersten, a malware analyst from Trellix, released details of an analysis he had conducted of disk wipers in the wild in the first half of 2022. 
The researcher&#8217;s study identified more than 20 wiper families that threat actors had deployed during the period, many of them against targets in Ukraine. Some examples of the more prolific ones included wipers that masqueraded as ransomware, such as <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/fears-rise-of-potential-russian-cyberattacks-on-us-allies-over-sanctions\" target=\"_blank\" rel=\"noopener\">WhisperGate and HermeticWiper<\/a>, and others such as IsaacWiper, RURansomw, and <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/-russian-group-sandworm-s-attempt-to-disrupt-ukraine-power-grid-foiled\" target=\"_blank\" rel=\"noopener\">CaddyWiper<\/a>.<\/p>\n<p>The researcher&#8217;s study showed that, from a functionality standpoint, disk wipers had evolved little since the &#8220;Shamoon&#8221; virus of more than a decade ago that destroyed <a href=\"https:\/\/www.darkreading.com\/endpoint\/wipermania-malware-potent-threat-since-shamoon\" target=\"_blank\" rel=\"noopener\">thousands of systems at Saudi Aramco<\/a>. The major reason is that attackers usually deploy wipers to sabotage and destroy systems and therefore have little need for building in the stealth and evasiveness required for other types of malware to be successful.<\/p>\n<p>So far, threat actors have used disk wiping malware only relatively sparingly against organizations in the US, because their motivations have been typically different than those going after targets in Ukraine. Most attacks targeting organizations in the US tend to be financially motivated, or involve a spying or cyber-espionage bent. 
However, that doesn&#8217;t mean threat actors cannot launch the same kind of destructive attacks in the US if they choose to, analysts have cautioned.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/russia-sandworm-apt-swarm-wiper-attacks-ukraine\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations. Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/russia-sandworm-apt-swarm-wiper-attacks-ukraine\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-50331","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Russia&#039;s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Russia&#039;s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-30T22:32:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0983a09c8dc727e9\/63d835e2c4f1c1744a725b8b\/eraser_JIMBO_EKAPAT_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Russia&#8217;s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine\",\"datePublished\":\"2023-01-30T22:32:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/\"},\"wordCount\":756,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0983a09c8dc727e9\\\/63d835e2c4f1c1744a725b8b\\\/eraser_JIMBO_EKAPAT_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/\",\"name\":\"Russia's Sandworm APT Launches Swarm of Wiper 
Attacks in Ukraine 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0983a09c8dc727e9\\\/63d835e2c4f1c1744a725b8b\\\/eraser_JIMBO_EKAPAT_shutterstock.jpg\",\"datePublished\":\"2023-01-30T22:32:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0983a09c8dc727e9\\\/63d835e2c4f1c1744a725b8b\\\/eraser_JIMBO_EKAPAT_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0983a09c8dc727e9\\\/63d835e2c4f1c1744a725b8b\\\/eraser_JIMBO_EKAPAT_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"positio
n\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Russia&#8217;s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/","og_locale":"en_US","og_type":"article","og_title":"Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-30T22:32:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0983a09c8dc727e9\/63d835e2c4f1c1744a725b8b\/eraser_JIMBO_EKAPAT_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Russia&#8217;s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine","datePublished":"2023-01-30T22:32:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/"},"wordCount":756,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0983a09c8dc727e9\/63d835e2c4f1c1744a725b8b\/eraser_JIMBO_EKAPAT_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/","url":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/","name":"Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0983a09c8dc727e9\/63d835e2c4f1c1744a725b8b\/eraser_JIMBO_EKAPAT_shutterstock.jpg","datePublished":"2023-01-30T22:32:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0983a09c8dc727e9\/63d835e2c4f1c1744a725b8b\/eraser_JIMBO_EKAPAT_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0983a09c8dc727e9\/63d835e2c4f1c1744a725b8b\/eraser_JIMBO_EKAPAT_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/russias-sandworm-apt-launches-swarm-of-wiper-attacks-in-ukraine\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Russia&#8217;s Sandworm APT Launches Swarm of Wiper Attacks in 
Ukraine"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a867
1ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50331"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50331\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}