‘Sandworm’ book review: To understand cyberwar, you must understand Ukraine

The new book explains why Ukraine has been linked to almost every major cyberattack and how cyberwarfare's ultimate consquence is the danger to people's lives.
Sandworm book review
(Getty images)

For experts, trying to definitively explain the full scope of a cybersecurity incident is often a difficult and delicate process. They normally don’t find reason to tie attacks back to 13th-century massacres at the hands of Mongolian warlords.

Yet, in “Sandworm,” the new book from Wired magazine’s Andy Greenberg, it’s the Mongols’ 13th-century raid on Ukraine (and other brutalities the region has endured) that helps explain why this area in the world has been linked to almost every major cyberattack in the past decade.

“Sandworm” chronicles the hacker group of the same name, diving into the hectic moments behind the Russian outfit’s attacks, which have hit targets from the Ukrainian power grid to international shipping conglomerates.

The book shows that attacks like BlackEnergy, NotPetya and Olympic Destroyer do not happen in a vacuum. Greenberg weaves them and others into a narrative that illuminates the personalities responsible for studying or thwarting Sandworm’s attacks. The net result is a story that’s miles away from technical jargon, exploring cyberwar’s ultimate consequence — the danger to people’s lives.


“I really wanted this book to be about human stories,” Greenberg told CyberScoop. “A more human book about cyberwar than had ever been written before.”

And while cyberwarfare’s global players — the U.S., Russia, China, Iran and North Korea — all have their hand in the book’s narrative, the battlefield always seems to work its way back to Ukraine. The region has been a lightning rod for geopolitical conflict for centuries.

“Ukraine has always been caught between warring powers, and we’ve always ignored those conflicts in the West, treated [them] as someone else’s regional conflict,” Greenberg told CyberScoop. “This is a story about how in cyberwar, that kind of geography breaks down and it’s a war that’s played by different rules … We can no longer ignore these ‘far away’ conflicts.”

While “Sandworm” will serve as a go-to historical study for this volatile period in cyberwarfare, its bigger purpose may be in how it impacts the future. Researchers often bristle at pointing the finger at those responsible for cyberattacks, but without chronicles like Greenberg’s book, it’s tough for the world to get to a point where the digital hordes aren’t ransacking Ukraine for all its worth.

“I feel like I’ve sought attribution in this story in a way that a lot of the cybersecurity community hasn’t,” Greenberg said. “I think part of the message of this book is that attribution, as hard as it is — and it is very hard — is necessary for studying global norms and preventing these kinds of digital disasters from occurring again.”


Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers; 331 pages, Doubleday Publishing

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts