The 2021 ATT&CK Evaluations for Enterprise Call for Participation is now open. Click here to learn how to participate.

Home  >  Enterprise Wizard Spider and Sandworm Overview


Wizard Spider and Sandworm

Enterprise Evaluation 2021
  • Call For Participation
  • Evaluating
  • Preparing
  • Published
ATT&CK Description

Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since at least August 2018 against a variety of organizations, ranging from major corporations to hospitals. [1] [2]

Sandworm Team is a destructive Russian threat group that has been attributed to Russian GRU Unit 74455 by the U.S. Department of Justice and U.K. National Cyber Security Centre. Sandworm Team's most notable attacks include the 2015 and 2016 targeting of Ukrainian electrical companies and 2017's NotPetya attacks. Sandworm Team has been active since at least 2009. [1] [2] [3] [4]