Sandworm

The Book in 1 Sentence

As complete a history of a Russian cyber threat actor that targeted industrial control systems as we will ever get without the complete disappearance of the Russian government.

Brief Review

This book provides a detailed and easily digestible account for all who read it. Andy Greenberg does a fantastic job of bringing together complex geopolitics, malicious code, and the poor reactions to some of the largest cyber threats in the world.

Why I Read this book

I have been looking for books that I can recommend to the individuals I mentor who are moving into the cyber security industry. I was previously hesitant about reading this book as I had heard that it was political, but that observation proved to be unfounded.

In-Depth Review (Favorite Quotes)

We are now over a year into the newest rendition of the war in Ukraine, which started in 2023. However, in February 2022, Ukraine's power grid and internet were interrupted. As the news was coming in, all I could think about was the last time this happened. Well, the last few times. I started writing a post about how I believed that these cyber attacks were a pretext for war, including previous infections and events in Ukraine, but as I was gathering everything together and started writing, I found this book. While this book was published in 2020, the information provided is substantially more in depth than I would have had the time to produce. What I do find interesting is that a lot of the same information I was researching is covered in this book. I have added my notes below just for you to look up if you want.

Andy does a fantastic job of presenting this information and providing a clear narrative about the events as they unfolded. There are a lot of major players in the investigation of the attacks that happened. Specifically, the name "Sandworm" comes from code names found in the malware during the first couple of waves of attacks, which followed the theme of [[Dune]]. (Funny that I started reading this when Dune Part 2 came out, without knowing that is where "Sandworm" came from.)

Some of these books bounce around in time to bring together ideas and convince you of what you "should" have learned. This book tells a straightforward story, making it easy to follow. As I have answered a lot of questions about cyber threats from friends and family, it was great to read a well-organized and well-explained set of events.

How my life / behavior / thoughts / ideas have changed as a result of reading the book.

I have been working on a series of classes for when I return to teaching, following a similar book, [[Dark Territory]], and I think this would be a good fit. The two books combined would make for a great technical class on the ideas of hacking and forensics. I think that I will use some of these chapters to talk through and build a class out of them.

Rating

Cyber books can be very tedious. There is lots of technical jargon, legalese, and in this case some geopolitics that might be frustrating to hear about. However, this book does an outstanding job of presenting it in basic ways with a gripping narrative and commentary that keeps you involved and caring about the investigators. This book also presents a great picture of the security issues and of the disagreements within the leadership about how to move forward. Please read this book as it is an easy 9.

Want to get a hold of me?
Email | info@boydsbar.xyz


Notes from the post I was putting together

Feb 2022 - A Pretext for War

Cyber Attacks on Ukraine before the Russian Invasion

DDoS (2/19/2022 & 2/21/2022)

Ukrainian banks and Ministry of Defence websites targeted by DDoS attacks, allegedly by the GRU

Wiper Malware (2/23/2022)

Wiper malware targeting Ukrainian government systems discovered by ESET, with a compile date of Dec 28, 2021. Why does this matter? It was delivered via the supply chain of a signed EaseUS partition manager driver.

Background of Cyber being the Pretext for War

Desert Storm (Dark Territory)
Uroburos (2005) - see Russian–Ukrainian cyberwarfare - Wikipedia
Ukraine as the testing area for Russian hackers (2015 power grid)
Industroyer (2016)
Petya Ransomware (2017)

References

Russian–Ukrainian cyberwarfare - Wikipedia

New Wiper Malware Targeting Ukraine Amid Russia's Military Operation

Industroyer - Wikipedia

Russia’s Cyber Threat to Ukraine Is Vast—and Underestimated | WIRED

2017 Ukraine ransomware attacks - Wikipedia

Ukraine power grid hack - Wikipedia