https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
https://www.wired.com/2016/01/everything-we-know-about-ukraines-power-plant-hack/
https://www.wired.com/story/russian-hackers-attack-ukraine/
https://www.securityweek.com/exaramel-malware-reinforces-link-between-industroyer-and-notpetya
https://www.securityweek.com/russian-hackers-target-european-governments-ahead-elections-fireeye
https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/
http://www.spywareremove.com/removetelebots.html
http://www.spywareremove.com/removegreyenergy.html
https://www.wired.com/story/sandworm-kremlin-most-dangerous-hackers
https://www.wired.com/story/sandworm-russia-cyberattack-links
https://www.wired.com/story/sandworm-android-malware/
https://www.theregister.co.uk/2019/11/28/google_12000_warnings_phishing_sandworm/
https://www.wired.com/story/us-blames-russia-gru-sweeping-cyberattacks-georgia/
https://www.securityweek.com/more-threat-groups-target-electric-utilities-north-america
https://www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/
https://www.zdnet.com/article/nsa-warns-of-new-sandworm-attacks-on-email-servers/
https://www.securityweek.com/several-exim-vulnerabilities-exploited-russia-linked-attacks
https://www.securityweek.com/nsa-publishes-iocs-associated-russian-targeting-exim-servers
https://www.wired.com/story/nsa-sandworm-exim-mail-server-warning/
https://www.securityweek.com/us-charges-russian-intelligence-officers-notpetya-industroyer-attacks
https://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/
https://www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/
https://www.wired.com/story/sandworm-centreon-russia-hack/
https://cybernews.com/security/apt-in-action-xdspy-and-sandworm/
https://securityaffairs.co/wordpress/122401/hacking/phishing-emea-apac-governments.html
Bad Rabbit appears to be from same group based on infrastructure
http://www.securityweek.com/files-encrypted-bad-rabbit-recoverable-without-paying-ransom
http://www.securityweek.com/profiling-tool-suggests-bad-rabbit-not-financially-motivated
http://www.securityweek.com/bad-rabbit-attack-infrastructure-set-months-ago
https://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/
https://www.securityweek.com/group-caused-power-outage-stops-focusing-exclusively-ukraine
https://www.securityweek.com/five-threat-groups-target-industrial-systems-dragos
https://www.theregister.co.uk/2019/03/08/citrix_hacked_data_stolen/
https://www.securityweek.com/more-russian-attacks-against-ukraine-come-light
https://www.wired.com/story/sandworm-cyclops-blink-hacking-tool/
https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf
https://www.cisa.gov/uscert/ncas/alerts/aa22-054a
https://therecord.media/us-and-uk-expose-new-russian-malware-targeting-network-devices/
https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
https://www.welivesecurity.com/2022/03/21/sandworm-tale-disruption-told-anew/
https://therecord.media/us-disrupts-prolific-botnet-controlled-by-russian-military-doj-says
https://www.wired.com/story/watchguard-didnt-disclose-vulnerability-cyclops-blink/
https://www.wired.com/story/sandworm-russia-ukraine-blackout-gru/
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
https://www.securityweek.com/ukraine-says-potent-russian-hack-against-power-grid-thwarted
https://www.wired.com/story/cyber-war-crimes-sandworm-russia-ukraine/
https://www.welivesecurity.com/2022/05/20/sandworm-ukraine-new-version-arguepatch-malware-loader/
https://securityaffairs.co/wordpress/132227/apt/cert-ua-sandworm-follina-rce.html
https://infosec.exchange/@ESETresearch/109405531004643151
https://www.welivesecurity.com/2022/11/28/ransomboggs-new-ransomware-ukraine/
https://www.securityweek.com/video-deep-dive-pipedreamincontroller-ics-attack-framework
https://cert.gov.ua/article/3639362
https://twitter.com/gabby_roncone/status/1615760621320167424
https://www.mandiant.com/resources/blog/gru-rise-telegram-minions