Incidents attributed to:

Sandworm

This threat actor targets industrial control systems associated with electricity and power generation, using a tool called Black Energy, for espionage, denial of service, and data destruction purposes. Some believe that the threat actor is linked to the 2015 compromise of the Ukrainian electrical grid and a distributed denial of service prior to the Russian invasion of Georgia. Believed to be responsible for the 2008 DDoS attacks in Georgia and the 2015 Ukraine power grid outage.

Also known as

Quedagh, VOODOO BEAR, TEMP.Noble, IRON VIKING, G0034, ELECTRUM, TeleBots, IRIDIUM, Blue Echidna, FROZENBARENTS, UAC-0113, Seashell Blizzard, UAC-0082, APT44, BE2, PHANTOM, BlackEnergy Lite.

References


Actor metadata imported from Malpedia (Fraunhofer FKIE).

Related incidents

Espionage, Contained

Ukraine power grid attack — Sandworm BlackEnergy (2015)

The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1–6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.

Victim
Ukrainian regional electricity distribution companies (Oblenergos)