Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

"With the nuance of a reporter and the pace of a thriller writer, Andy Greenberg gives us a glimpse of the cyberwars of the future while at the same time placing his story in the long arc of Russian and Ukrainian history." —Anne Applebaum, bestselling author of Twilight of Democracy

The true story of the most devastating act of cyberwarfare in history and the desperate hunt to identify and track the elite Russian agents behind it: "[A] chilling account of a Kremlin-led cyberattack, a new front in global conflict" (Financial Times).

In 2014, the world witnessed the start of a mysterious series of cyberattacks. Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes grew ever more brazen. They culminated in the summer of 2017, when the malware known as NotPetya was unleashed, penetrating, disrupting, and paralyzing some of the world's largest businesses—from drug manufacturers to software developers to shipping companies. At the attack's epicenter in Ukraine, ATMs froze. The railway and postal systems shut down. Hospitals went dark. NotPetya spread around the world, inflicting an unprecedented ten billion dollars in damage—the largest, most destructive cyberattack the world had ever seen.

The hackers behind these attacks are quickly gaining a reputation as the most dangerous team of cyberwarriors in history: a group known as Sandworm. Working in the service of Russia's military intelligence agency, they represent a persistent, highly skilled force, one whose talents are matched by their willingness to launch broad, unrestrained attacks on the most critical infrastructure of their adversaries. They target government and private sector, military and civilians alike.

A chilling, globe-spanning detective story, Sandworm considers the danger this force poses to our national security and stability. As the Kremlin's role in foreign government manipulation comes into greater focus, Sandworm exposes the realities not just of Russia's global digital offensive, but of an era where warfare ceases to be waged on the battlefield. It reveals how the lines between digital and physical conflict, between wartime and peacetime, have begun to blur—with world-shaking implications.
Contents
Prologue | 1 |
The Zero Day BAR560 | 13 |
Force Multiplier | 19 |
StarLightMedia | 28 |
Holodomor to Chernobyl | 35 |
Maidan to Donbas | 42 |
Blackout | 50 |
The Delegation | 58 |
ORIGINS | 65 |
Moonlight Maze | 72 |
Estonia | 80 |
Georgia | 89 |
Stuxnet | 96 |
EVOLUTION | 107 |
Fancy Bear | 116 |
FSociety | 124 |
Poligon | 130 |
Industroyer/Crash Override | 139 |
APOTHEOSIS | 149 |
EternalBlue | 163 |
Mimikatz | 173 |
NotPetya | 179 |
Breakdown | 190 |
The Cost | 196 |
Aftermath | 204 |
Distance | 212 |
IDENTITY | 219 |
Defectors | 227 |
Informatsionnoye Protivoborstvo | 235 |
The Penalty | 243 |
False Flags | 254 |
Russia | 271 |
The Elephant and the Insurgent | 277 |
LESSONS | 285 |
Black Start | 296 |
Resilience | 304 |
to French Election Hacking | 315 |
335 | |