The Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) has linked breaches of multiple French IT firms to the Sandworm hacking group, which has been attributed to Unit 74455 of Russia’s Main Intelligence Directorate (GRU). The cause of these attacks is still unknown, but the campaign is known to have started in 2017, when the first victim was attacked. The ANSSI discovered the two backdoors used by the attackers, which is likely one reason authorities were able to make the association with Sandworm. Comparing against Sandworm’s previously seen attacks, French authorities determined that the command and control infrastructure was similar to that of other attacks seen in the past.