New Leader of Russia’s Sandworm Hacking Unit


Sandworm, the infamous hacking unit in Russia’s GRU military intelligence agency, is suspected of having carried out some of the worst cyberattacks in history over many years.

Now Wired has a profile of Colonel Evgenii Serebriakov, the GRU officer who’s running the Russian military intelligence service’s Sandworm unit. 

According to intelligence sources, Serebriakov was put in charge of Sandworm in the spring of 2022 after serving as deputy commander of APT28, and currently holds the rank of colonel.

Serebriakov was prosecuted along with six other GRU agents after being caught in the middle of a close-in cyber espionage operation in the Netherlands in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in The Hague. In that foiled operation, Dutch law enforcement didn’t just identify and arrest Serebriakov and his team, who were part of a different GRU unit generally known as Fancy Bear or APT28. They also seized Serebriakov’s backpack full of technical equipment, as well as his laptop and other hacking devices in his team’s rental car. As a result, Dutch and US investigators were able to piece together Serebriakov’s travels and past operations stretching back years. Christo Grozev, the principal Russia-focused investigator for the open-source intelligence agency Bellingcat, said: “He can’t just be a regular hacker anymore. The fact that Serebriakov appears to have reached that position despite being previously identified and prosecuted during the failed Dutch campaign suggests that he must have been of considerable value to the GRU, that he seems too good to dump.”

Serebriakov’s new position as leader of Sandworm (formally the GRU’s Unit 74455, also known by the nicknames Voodoo Bear and Iridium) puts him in charge of a group of hackers who are probably the world’s most prolific practitioners of cyber warfare. (They have also been involved in espionage and disinformation campaigns.)