Sandworm by Andy Greenberg

Recently I finished reading an amazing book called Sandworm that was written by Andy Greenberg. I first found out about this book by watching Episode 54 of Darknet Diaries titled “NotPetya” which includes Andy Greenberg as the guest and of course one of the greatest content creators in cybersecurity Jack Rhysider. The podcast was phenomenal this was my first time diving into the OT/ICS world and it did an amazing job at explaining the implications of not securing ICS networks and the history of attacks that have already happened around the world. This episode hooked me into learning more about the field so I purchased Andy Greenberg’s Sandworm.

Mr. Greenberg wrote this like a story about Sandworm: a Russian-attributed APT sometimes referred to as APT28 that focuses its work on attacking OT/ICS. I’ve already read many books that were in the area of cybersecurity but this one immediately stood out to me because of the way it was written. The narrative format that the book was written in keeps the reader entertained by reading about this very destructive APT much like a story containing multiple facts from many sources that build up this entity that is Sandworm. While most books I’ve read in the industry seem to be written almost like a dictionary that does not keep the reader’s attention for long. Mr. Greenberg not only writes about Sandworm, but he also writes about other malware that has been launched to attack critical infrastructure such as Stuxnet, and how it ties back into Sandworm. He also goes into the story of the country and the agency that supports it. He presents multiple sources throughout the industry about the process that had to be taken to trace this hacking group to Russia and down to a specific unit within the GRU. Overall this book does an amazing job at casting a spotlight on one of our greatest issues internationally: nations getting their critical infrastructure attacked through the domain that is cyber and civilians being the ones that ultimately get affected. I had a great time reading this book and enjoyed learning more about this area. I highly encourage anyone already in cybersecurity or who wants to get into cybersecurity to read this book.