In 2017, the NotPetya cyberattack caused more than $10 billion in global economic damage, disrupting ports, manufacturing operations, and logistics networks worldwide.

According to official statements from the U.S. and U.K. governments, the attack was attributed to units of russia’s military intelligence agency (GRU) — specifically the group known as Sandworm (also referred to as APT44).

The attack began in Ukraine through the compromise of accounting software but quickly spread beyond its initial target, impacting global companies such as Maersk, Merck & Co., and FedEx.

This article in the publications section is an OSINT-driven analysis: a brief history of Sandworm, its reported location and structure, its connection to MUN 74455, and publicly identified key individuals.

Using open sources, indictments, and verified reporting, we examine how state-sponsored cyber operations function.