Before I came across this book I had read about the NotPetya attacks, particularly how it affected Maersk, and had listened to the Darknet Diaries podcast with Andy Greenberg. I was fascinated by the story and just had to know more. Now that I have read it, I now realize all these different cyber attacks, APTs, hacking tools, and malware all fit together like pieces of a giant jigsaw puzzle called Sandworm.

One of the things I found so interesting about this book was how the security researchers from TrendMicro, FireEye, ESET, and Dragos all unraveled the same mystery from different aspects of the same group. Each firm has its own specialty, capabilities, and information repositories from antivirus solutions installed around the world. Without these firms being able to capture, reverse engineer, and analyze these malware samples I assume we would all be completely unaware about Sandworm. The United States was extremely unlikely to ever disclose the group after the fact it refused to condemn the attacks in Ukraine in an effort to maintain its ability to wage cyberwar.

Sandworm provides a unique look into the Russia - Ukraine cyber conflict which has a pedicular interest in the 2022s. How Russia used Ukraine as a live testing ground for Russia's APTs including large scale blackouts. How NotPetya was a targeted attack that escape Ukraine and destroyed millions of dollars.

I can highly recommend this book for anyone interested in Cyberwarfare. It doesn't go over techniques in detail but provides a great backdrop with the nations involved, the security companies that assist with research, and the victims of the attacks whether intentional or not.