Sandworm, a hacker group affiliated with Russia’s Main Directorate of the General Staff of the Armed Forces (GRU), has attempted to target a dozen critical infrastructure enterprises across Ukraine to disrupt the energy, water and heating supply.

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the hacks were ultimately aimed at disabling the information and communication systems (ICS) of a dozen enterprises in 10 Ukrainian regions by first targeting companies within the supply chains and obtaining primary access to the system.

“The final plan of the enemy was to disable the ICS equipment, which should cause even more damage to Ukraine against the background of spring missile attacks on critical infrastructure,” reads the agency’s report.


The agency called for Ukrainians to “take measures to protect themselves and their data” and gave a list of recommendations to safeguard their cybersecurity, such as using multi-factor authentication and implementing a “zero trust” approach that requires strict verification while granting any user access for enterprises.

It’s believed the Sandworm group was also behind the infamous NotPetya attack, a malware disguised as ransomware that demands payment from victims, but in reality, has no functioning recovery feature and would simply erase user data regardless of payment.

Ukraine Battles to Hold Back Russia Advance
Other Topics of Interest

Ukraine Battles to Hold Back Russia Advance

Moscow seized 278 square kilometers (107 square miles) of Ukrainian territory between May 9 and 15, according to AFP calculations based on data from the Institute for the Study of War (ISW).

Cyberattacks have been commonplace throughout the war in Ukraine, with hacker groups affiliated with either government launching cyberattacks on private enterprises and critical infrastructure.

In December, another Russian hacker group launched one of the largest cyberattacks on Ukraine to date against Ukraine’s telecom giant Kyivstar. The attack destroyed part of Kyivstar’s infrastructure and left thousands without internet access for days. The hack also reportedly disrupted the air siren warning system in some regions, where sirens were not activated prior to Russian airstrikes.

To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter