Sandworm
Editorial pick
A New Era of Cyberwarfare and the Hunt for the Kremlin's Most Dangerous Hackers
By Andy Greenberg · Doubleday · 2019
The first cybersecurity book that reads like a thriller — and is mostly true.
Editorial take
Greenberg's Wired reporting on the GRU's Sandworm unit became the canonical account of state-sponsored cyber-physical attacks: the Ukraine grid hits, NotPetya, the Olympic Destroyer false-flag. Where most cybersecurity books are either dry policy or overhyped marketing, Sandworm is investigative journalism that takes the technical details seriously enough that practitioners trust it. Required reading for anyone with security in their portfolio — and uniquely good as a non-technical brief for executives who need to understand what 'cyberwar' actually looks like operationally.
Last hand-checked 2026-05-18.
Read if you …
- work in cybersecurity, threat intelligence, or critical infrastructure
- are an executive who needs to explain nation-state risk to a non-technical board
- want a single book that gets both the technical and the geopolitical halves right
Skip if you …
- wanted a how-to defense playbook; this is journalism, not a defender's manual
- are allergic to Cold-War-style narrative tension
If you only read one chapter
NotPetya
The chapter on how a Ukraine-targeted attack became the most damaging cyberattack in history (Maersk, Merck, FedEx). Single best case study of cyber spillover.
Key ideas
- State-sponsored cyber attacks are now a steady-state condition, not an exception.
- Cyber-to-physical bridging (grid, manufacturing, logistics) is the modern threat surface.
- Spillover from targeted attacks routinely causes more damage than the original target.
- Attribution is hard, but not impossible — and matters legally, not just journalistically.
About the book
Andy Greenberg's book-length expansion of his Wired investigation into Sandworm — the cyber unit of the Russian GRU responsible for the 2015 and 2016 Ukrainian power-grid attacks, the 2017 NotPetya worm, the 2018 Pyeongchang Olympics attack, and ongoing operations.
The book moves between technical reconstruction (with the help of researchers at ESET, FireEye/Mandiant, and Dragos) and on-the-ground reporting from Ukraine, Atlanta, and Moscow. It remains the most readable single account of modern state-sponsored cyber operations.
Pairs with
If Sandworm works for you, these likely will too.
The Software Engineer's Guidebook
Pick
Gergely Orosz · 2023
The most up-to-date map of the modern engineering career ladder, written by someone who actually walked it.
Read if you are 3–10 years into engineering and trying to decide what 'good' looks like at the next level.
framework · 350p+ · intermediate
Thinking, Fast and Slow
Pick
Daniel Kahneman · 2011
The single best foundation in behavioral economics for anyone who designs products or runs decisions.
Read if you design product UX where user decision quality matters (pricing, choice architecture, defaults).
essay collection · 350p+ · intermediate