Attack on Kyiv Power Substation Shut Down Remote Terminals

February 27, 2024


The attack on the Pivnichna transmission facility shut down the remote terminal units that control circuit breakers. Oleksii Yasynskyi, head of research for Information Systems Security Partners in Ukraine, said the attackers belonged to several different groups that worked together. Among other things, they gathered passwords for targeted servers and workstations and created custom malware for their targets. Sandworm is suspected of deploying the Industroyer (also known as CrashOverride) malware by exploiting a vulnerability in Siemens SIPROTEC relays.

The hack was less severe than the 2015 attack, which rendered the devices inoperable and prevented engineers from remotely restoring power.

Incident Date

December 17, 2016



Estimated Cost

20% of Kyiv without power for more than 1 hour

Type of Malware

No malware identified

Threat Source

No threat source identified