ABSTRACT

Sandworm is a Russian group of hackers who were responsible for the power outage in Ukraine in December 2015. They were named Sandworm in reference to the science fiction book Dune, which features a race of desert-dwelling creatures that are worshipped as gods. The author, Frank Herbert, began publishing the series in 1965, and the hackers who wrote the BlackEnergy malware hid a number of references to it in the code. Sandworm Team went to ground shortly after being exposed in October 2014, and the malware with Dune references, which had previously been used to track them, disappeared entirely. However, the unique malware variant, BlackEnergy 3, reemerged early in 2015 in Ukraine, where Sandworm Team was first found. Sandworm has focused almost exclusively on Ukrainian entities, including Prime Minister Arseniy Yatsenyuk and Kiev mayor Vitali Klitschko, but is also suspected in a breach of a Polish energy firm and of NATO targets.