Security News > 2023 > November > Russia's Sandworm – not just missile strikes – to blame for Ukrainian power blackouts
Blackouts in Ukraine last year were not just caused by missile strikes on the nation but also by a seemingly coordinated cyberattack on one of its power plants.
That's according to Mandiant's threat intel team, which said Russia's Sandworm crew was behind the two-pronged power-outage and data-wiping attack.
The intruders snooped around the SCADA system for up to three months and then, on October 10, Sandworm used an optical disc image named "a.iso" to execute a native MicroSCADA binary that included the commands to switch off substations, causing the unplanned power outage.
Two days later on October 12, the Sandworm crew followed up with a data-wiping attack against the same power plant, deploying a variant of CaddyWiper to the IT environment.
The execution of the malicious code that tripped the substation circuit breakers on October 10, 2022 coincided with the start of a multi-day set of coordinated missile strikes on critical infrastructure across multiple Ukrainian cities - including the one that housed the power plant.
While Mandiant says it can't definitively conclude that the cyberattack on the power plant was deliberately timed to the missile attacks, the report - seen by The Register and expected to be published here - notes "The timing of the attack overlaps with Russian kinetic operations."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/09/russias_sandworm_power_plant_attack/