Security News > 2023 > November > Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack

Mandiant, a cybersecurity company owned by Google, has revealed the details of a 2022 cyberattack run by Russian threat actor Sandworm.

The threat group then accessed the OT environment "Through a hypervisor that hosted a Supervisory Control And Data Acquisition management instance for the victim's substation environment," according to Mandiant researchers, who stated the attacker potentially had access to the SCADA system for up to three months.

According to Mandiant, the attack resulted in an unscheduled power outage.

Six Unit 74455 officers associated to Sandworm were indicted in 2020 for several operations: Attacks against Ukrainian electrical companies and government organizations; the targeting of the 2017 French presidential campaign, the 2018 Olympic Destroyer attack against the Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons and attacks against Georgia in 2018 and 2019.

Sandworm's latest attack, in addition to previous attacks originating from Russia such as the Industroyer incidents, which also targeted OT, show efforts from Russia to streamline OT attack capabilities through simplified deployment features, according to Mandiant.

The timing of this Sandworm attack is also intriguing.

News URL

https://www.techrepublic.com/article/sandworm-threat-actor-disrupts-power-ukraine/