Scenario

Being in the ICS industry, your security team always needs to be up to date and should be aware of the threats targeting organizations in your industry. You just started as a threat intelligence intern, with a bit of SOC experience. Your manager has given you a task to test your skills in research and how well you can utilize MITRE ATT&CK to your advantage. Do your research on Sandworm Team, also known as BlackEnergy Group and APT44. Utilize MITRE ATT&CK to understand how to map adversary behavior and tactics in actionable form. Smash the assessment and impress your manager, as threat intelligence is your passion.

https://app.hackthebox.com/sherlocks/UFO-1


1- According to the sources cited by Mitre, in what year did the Sandworm Team begin operations?

2009

Screenshot 2025-08-08 043954.png

Screenshot 2025-08-08 044013.png

The answer is in the introduction of the MITRE ATT&CK group page for Sandworm Team (G0034): the description states that the group has been active since at least 2009.

2- Mitre notes two credential access techniques used by the BlackEnergy group to access several hosts in the compromised network during a 2016 campaign against the Ukrainian electric power grid. One is LSASS Memory access (T1003.001). What is the Attack ID for the other?

T1110

Screenshot 2025-08-08 044158.png

Screenshot 2025-08-08 044215.png

For this one, open the Campaigns section of the group page, select the 2016 Ukraine Electric Power Attack campaign, and look at the techniques used during that campaign. The answer can be read straight from the campaign's technique list, but the ATT&CK Navigator layer for the campaign gives a clearer per-tactic view. Note that the campaign's list is narrower than the group's overall technique list (it only contains techniques with a sourced use in that campaign), so filter on the campaign rather than on the group.

Screenshot 2025-08-08 044612.png

Screenshot 2025-08-08 044620.png

Here we can see all the TTPs of the 2016 campaign laid out by tactic. Under Credential Access there are exactly two techniques: OS Credential Dumping: LSASS Memory (T1003.001) and Brute Force (T1110), so the answer is T1110.
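The same campaign-to-technique lookup the Navigator does by clicking around can be scripted against ATT&CK's published STIX 2.1 data, which is useful once you need to repeat it for every campaign of a group or diff it between ATT&CK releases. The example below is added to this write-up and is not HackTheBox's or MITRE's code. It walks "attributed-to" and "uses" relationships in a constructed, minimal bundle that mimics the shape of the real export (object types, relationship types, the "mitre-attack" external_id references and kill_chain_phases are as ATT&CK publishes them; the STIX UUIDs are made up, and Valid Accounts (T1078) is included only so the tactic filter has something to exclude). The same functions run unchanged on the real enterprise-attack.json from https://github.com/mitre-attack/attack-stix-data.

```python
"""Map a campaign's techniques by tactic from an ATT&CK STIX 2.1 bundle.

Added example (not part of the original write-up). ATT&CK ships as STIX 2.1
JSON: groups are "intrusion-set", campaigns are "campaign", techniques are
"attack-pattern" (tactic in kill_chain_phases), and "relationship" objects
link them ("attributed-to", "uses"). The ATT&CK ID sits in
external_references under source_name "mitre-attack".
"""
import json

# ---- constructed sample bundle (NOT the real ATT&CK export) ----------------
# Names and ATT&CK IDs are real; the STIX UUIDs below are invented.
_G = "intrusion-set--22222222-2222-4222-8222-222222222222"
_C = "campaign--33333333-3333-4333-8333-333333333333"
_BF = "attack-pattern--44444444-4444-4444-8444-444444444444"
_LS = "attack-pattern--55555555-5555-4555-8555-555555555555"
_VA = "attack-pattern--66666666-6666-4666-8666-666666666666"


def _sdo(stix_id, name, ext_id, **extra):
    """Minimal ATT&CK-style STIX domain object for the sample bundle."""
    return {"type": stix_id.split("--")[0], "id": stix_id, "name": name,
            "external_references": [{"source_name": "mitre-attack",
                                     "external_id": ext_id}], **extra}


def _rel(rel_type, src, dst):
    return {"type": "relationship", "relationship_type": rel_type,
            "source_ref": src, "target_ref": dst}


def _phases(*names):
    return [{"kill_chain_name": "mitre-attack", "phase_name": n} for n in names]


SAMPLE_BUNDLE = json.dumps({"type": "bundle",
                            "id": "bundle--11111111-1111-4111-8111-111111111111",
                            "objects": [
    _sdo(_G, "Sandworm Team", "G0034",
         aliases=["Sandworm Team", "BlackEnergy Group", "APT44"]),
    _sdo(_C, "2016 Ukraine Electric Power Attack", "C0025"),
    _sdo(_BF, "Brute Force", "T1110",
         kill_chain_phases=_phases("credential-access")),
    _sdo(_LS, "LSASS Memory", "T1003.001", x_mitre_is_subtechnique=True,
         kill_chain_phases=_phases("credential-access")),
    # Illustrative filler so the tactic filter excludes something.
    _sdo(_VA, "Valid Accounts", "T1078",
         kill_chain_phases=_phases("initial-access", "persistence")),
    _rel("attributed-to", _C, _G),
    _rel("uses", _C, _BF), _rel("uses", _C, _LS), _rel("uses", _C, _VA),
]})


# ---- generic lookup code ----------------------------------------------------
def attack_id(obj):
    """Return the ATT&CK ID (G..., C..., T...) of an object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def load_objects(text):
    """Parse a bundle and drop revoked/deprecated objects, which the real
    ATT&CK export keeps for history and which would otherwise pollute results."""
    return [o for o in json.loads(text)["objects"]
            if not o.get("revoked") and not o.get("x_mitre_deprecated")]


def campaigns_for_group(objects, alias):
    """ATT&CK IDs of campaigns attributed to the group with this name/alias."""
    by_id = {o["id"]: o for o in objects if "id" in o}
    groups = {o["id"] for o in objects if o["type"] == "intrusion-set"
              and alias in [o.get("name")] + o.get("aliases", [])}
    return sorted(attack_id(by_id[r["source_ref"]]) for r in objects
                  if r["type"] == "relationship"
                  and r["relationship_type"] == "attributed-to"
                  and r["target_ref"] in groups and r["source_ref"] in by_id)


def techniques_for_campaign(objects, campaign_attack_id, tactic=None):
    """(ATT&CK ID, name) of techniques a campaign 'uses'; tactic filters on
    the kill-chain phase name, e.g. "credential-access"."""
    by_id = {o["id"]: o for o in objects if "id" in o}
    campaigns = {o["id"] for o in objects if o["type"] == "campaign"
                 and attack_id(o) == campaign_attack_id}
    found = []
    for r in objects:
        if (r["type"] != "relationship" or r["relationship_type"] != "uses"
                or r["source_ref"] not in campaigns):
            continue
        tech = by_id.get(r["target_ref"])
        if not tech or tech["type"] != "attack-pattern":
            continue
        phases = {p["phase_name"] for p in tech.get("kill_chain_phases", [])
                  if p.get("kill_chain_name") == "mitre-attack"}
        if tactic is None or tactic in phases:
            found.append((attack_id(tech), tech["name"]))
    return sorted(found)


if __name__ == "__main__":
    objs = load_objects(SAMPLE_BUNDLE)
    for cid in campaigns_for_group(objs, "BlackEnergy Group"):
        print(cid, techniques_for_campaign(objs, cid, tactic="credential-access"))
```

To run it against the real data set, replace SAMPLE_BUNDLE with the contents of enterprise-attack.json and keep the revoked/deprecated filter: the export retains superseded objects, and without that filter a technique that was later split into sub-techniques can show up twice.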