Sandworm’s Cyber Espionage: Russia’s GRU-Linked APT Uses Pirated Software in Ukraine

Presented by

Arda Büyükkaya

About this talk

Are your security defenses ready to counter the latest nation-state attack techniques? Since late 2023, Russia's elite Sandworm (APT44) team has been executing a sophisticated cyber espionage campaign with devastating effectiveness. By strategically trojanizing Microsoft KMS activation tools and disguising malware as Windows updates, they've created an extensive foothold across Ukrainian government, critical infrastructure, and business networks.

On 25 March at 3:00pm CET, Arda Buyukkaya, Senior Threat Analyst at EclecticIQ, will reveal Sandworm's exploitation of Ukrainian software piracy, the technical intricacies of their BACKORDER loader and Dark Crystal RAT, and why current security defenses are falling short.

Why you can't afford to miss this webinar:

1. Actionable Defenses: Walk away with specific SIGMA & YARA rules you can implement immediately to detect Sandworm's activities in your environment.
2. Insider Analysis: Get a rare technical deep-dive into how nation-state actors leverage Living Off the Land Binaries (LOLBINs) to disable security tools and maintain persistence.
3. Strategic Intelligence: Understand the attribution evidence linking this campaign to Russian military intelligence, including infrastructure reuse patterns and malware fingerprints.
4. Practical Recommendations: Receive tailored mitigation strategies that work even in resource-constrained environments.

Whether you're a frontline security analyst, threat hunter, or security leader, this session delivers the technical insights and actionable intelligence you need to strengthen your defenses against threat actors. Join us to help stay ahead of these evolving tactics.

EclecticIQ is a global provider of threat intelligence technology and services. Guided by our values — being curious, bold, accountable, and collaborative —
we help security teams make smarter, faster decisions with dynamic solutions that reduce complexity and streamline threat detection and response. From
our AI-embedded threat intelligence platform to our browser extension, our products improve workflows, reduce analyst fatigue, and empower customers to
neutralize critical cyber threats to their business.