This Is the New Chief of Russia’s Notorious Sandworm Hacking Unit

For years, the hacking unit inside Russia’s GRU army intelligence company referred to as Sandworm has carried out a few of the worst cyberattacks in historical past—blackouts, faux ransomware, data-destroying worms—from behind a rigorously maintained veil of anonymity. However after half a decade of the spy company’s botched operations, blown cowl tales, and worldwide indictments, maybe it is no shock that pulling the masks off the person main that extremely damaging hacking group at the moment reveals a well-recognized face.

The passport Evgenii Serebriakov used to enter the Netherlands in 2018.

{Photograph}: Division of Justice

The commander of Sandworm, the infamous division of the company’s hacking forces answerable for lots of the GRU’s most aggressive campaigns of cyberwar and sabotage, is now an official named Evgenii Serebriakov, based on sources from a western intelligence service who spoke to WIRED on the situation of anonymity. If that identify rings a bell, it might be as a result of Serebriakov was indicted, together with six different GRU brokers, after being caught within the midst of a close-range cyberespionage operation within the Netherlands in 2018 that focused the Group for the Prohibition of Chemical Weapons within the Hague.

In that foiled operation, Dutch legislation enforcement did not simply establish and arrest Serebriakov and his crew, who had been a part of a distinct GRU unit commonly known as Fancy Bear or APT28. In addition they seized Serebriakov’s backpack stuffed with technical gear, in addition to his laptop computer and different hacking units in his crew’s rental automotive. In consequence, Dutch and US investigators had been capable of piece collectively Serebriakov’s travels and previous operations stretching again years and, given his newer function, now know in uncommon element the profession historical past of a rising GRU official.

In keeping with the intelligence service sources, Serebriakov was positioned answerable for Sandworm within the spring of 2022 after serving as deputy commander of APT28, and now holds the rank of colonel. Christo Grozev, the lead Russia-focused investigator for open-source intelligence outlet Bellingcat, has additionally famous Serebriakov’s rise: Round 2020, Grozev says, Serebriakov started receiving cellphone calls from GRU generals who, within the company’s strict hierarchy, solely converse to higher-level officers. Grozev, who says he purchased the cellphone information from a Russian black market supply, says he additionally noticed the GRU agent’s quantity seem within the cellphone information of one other highly effective army unit centered on counterintelligence. “I spotted he have to be in a command place,” says Grozev. “He cannot simply be an everyday hacker anymore.”

The truth that Serebriakov seems to have attained that place regardless of having been beforehand recognized and indicted within the failed Netherlands operation means that he should have important worth to the GRU—that he is “apparently too good to dump,” Grozev provides.

Serebriakov’s new place main Sandworm—formally GRU Unit 74455, but additionally recognized by the nicknames Voodoo Bear or Iridium—places him answerable for a gaggle of hackers who’re maybe the world’s most prolific practitioners of cyberwar. (They’ve additionally dabbled in espionage and disinformation campaigns.) Since 2015, Sandworm has led the Russian authorities’s unprecedented marketing campaign of cyberattacks on Ukraine: It penetrated electrical utilities in Western Ukraine and Kyiv to trigger the first- and second-ever blackouts triggered by hackers, focused Ukrainian authorities businesses, banks, and media with numerous data-destructive malware operations. In 2017, Sandworm launched NotPetya, a bit of self-replicating code that unfold to networks worldwide and inflicted a report $10 billion in harm. Sandworm then went on to sabotage the 2018 Winter Olympics in Korea and assault TV broadcasters within the nation of Georgia in 2019, a surprising report of reckless hacking.