Russian Sandworm Behind Operational Disruption of Ukraine Energy Facility in October 2022

November 14, 2023


According to Google-owned US cybersecurity firm Mandiant, Russia-linked hacking group Sandworm were behind hacks on Ukraine energy infrastructure during the October 2022 blackouts. The attack is a rare example of a cyber incident disrupting the physical operation of a targeted facility, according to Mandiant. The techniques used during the attack show a growing maturity of Russia’s operational technology-oriented offensive cyber capabilities and overall approach to attacking such systems, Mandiant said.

Incident Date

October 1, 2022



Estimated Cost



Type of Malware

No Malware identified

Threat Source