December 17, 2016
The attack on the Pivnichna transmission facility shut down the remote terminal units that control circuit breakers. Oleksii Yasynskyi, head of research for Information Systems Security Partners in Ukraine, said the attackers belonged to several different groups that worked together. Among other things, they gathered passwords for targeted servers and workstations and created custom malware for their targets. Sandworm is suspected of deploying the Industroyer (also known as CrashOverride) malware by exploiting a vulnerability in Siemens SIPROTEC relays.
The hack was less severe than the one used in the 2015 attack, which rendered the devices inoperable and prevented engineers from remotely restoring power.