What’s worrying about this report is that it’s coming from Google itself.
With Russia’s full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group’s operations in support of Moscow’s war aims have proven tactically and operationally adaptable…
…Mandiant continues to see operations from the group that are global in scope in key political, military, and economic hotspots for Russia. Additionally, with a record number of people participating in national elections in 2024, Sandworm’s history of attempting to interfere in democratic processes further elevates the severity of the threat the group may pose in the near-term.
My point being that they deem this serious enough to release publicly themselves instead of an internal memory, and that this is about an active threat actor rather than a mere vulnerability.
Google has been trying to get into the security game for a while, especially after Microsoft parachuting to the top with Defender/Sentinel etc.
It’s good business to release threat intelligence that speaks to high-profile topics to garner credibility.
With that said, they revealed nothing new that we, security professionals (inc. gov agencies), didn’t already know for a long while.
Cyber security companies report on APTs all the time, nothing unusual about that.