
Sandworm hackers incapacitated Ukrainian power grid amid missile strike
2023-11-09 16:08

Russia-backed APT group Sandworm is behind the cyberattack that disrupted parts of the Ukrainian power grid in late 2022, according to Mandiant.

In this particular "multi-event cyber attack" described by Mandiant, Sandworm used living-off-the-land techniques to target OT systems and trigger a power outage, which happened simultaneously with missile strikes on Ukrainian critical infrastructure.

On October 10, Sandworm used an optical disc image to execute a native MicroSCADA binary whose control commands switched off substations, resulting in an unscheduled power outage.

Two days later, Sandworm deployed a new variant of CaddyWiper to cause additional disruption to the IT environment and remove forensic evidence.

In April 2022, the Computer Emergency Response Team of Ukraine, with the help of ESET and Microsoft security experts, managed to prevent a cyberattack by Sandworm on a Ukrainian energy provider.

Mandiant researchers noted that Sandworm "potentially developed the disruptive capability as early as three weeks prior to the OT event" and apparently waited to deploy it during missile strikes on critical infrastructure across several Ukrainian cities.


News URL

https://www.helpnetsecurity.com/2023/11/09/ukrainian-power-grid-disruption/