Russian Military Hackers Behind 2022 Power Outage in Ukraine: Mandiant Report
The cyberattack by Russia's GRU-affiliated Sandworm team used an evolved 'living off the land' approach that abused the victim's own legitimate tools rather than custom malware, and it was potentially coordinated with physical missile strikes; the attack heightened concerns about how OT systems in critical infrastructure worldwide can be targeted.
- Russian military hackers known as the Sandworm team were found to be behind a power outage in Ukraine in 2022, the third known cyberattack to cause an outage on an energy system. The earlier two, in Ukraine in 2015 and 2016, were also linked to the same GRU unit.
- This attack further highlights the vulnerability of critical infrastructure and shows the hackers' evolved 'living off the land' approach: instead of deploying custom malware, they used legitimate tools already present on the victim's network, which leaves fewer artifacts for security tooling to detect.
- The cyberattack coincided with a period of Russian missile strikes against Ukraine, which complicated the restoration of power. This raises concerns that cyberattacks and physical strikes may be coordinated against the same target, compounding their impact.
- Two days after causing the blackout, the Sandworm hackers deployed a new variant of their data-erasing 'wiper' malware to cover their tracks. They nevertheless left crucial digital footprints on the substation's industrial control systems, suggesting a possible lack of coordination within the team.
- The hackers reached the power cut through the substation's management computers, using their legitimate command functions rather than custom malware to send the disabling commands. This marks a significant shift in technique and shows how quickly the group can identify new ways of attacking systems and build the tools it needs.
- Mandiant's report warns that the attack shows Russian forces can rapidly develop similar capabilities against other industrial equipment worldwide.
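The detection consequence of a 'living off the land' intrusion is that there is no malware to signature: the binary that sends the disabling command is one the operators run every day. What changes is the context, that is, which process launched it, as which user, and with which arguments. The script below is an added illustration of that idea and is not code from Mandiant's report or from any vendor tool. It builds a baseline of normal process-creation events for a management host and flags later events whose parent process, user or command verb was never seen in the baseline. The host names, user names, binary names (`mgmt-console.exe`, `backup-agent.exe`) and every log line are constructed for the example; nothing here describes Sandworm's actual tooling.

```python
"""Baseline-deviation detector for living-off-the-land activity on OT
management hosts. Added example; all names and log lines are constructed."""
import re
from collections import defaultdict

# Constructed process-creation records (not real telemetry). Format:
# "<ISO timestamp> <host> <user> <parent_image> -> <image> [args...]"
BASELINE_LOG = """
2022-10-03T08:02:11Z hmi-01 operator explorer.exe -> mgmt-console.exe --view status
2022-10-03T08:40:57Z hmi-01 operator explorer.exe -> mgmt-console.exe --view alarms
2022-10-04T09:15:30Z hmi-02 operator explorer.exe -> mgmt-console.exe --view status
2022-10-04T23:00:02Z hmi-01 SYSTEM services.exe -> backup-agent.exe --nightly
2022-10-05T07:58:44Z hmi-02 operator explorer.exe -> mgmt-console.exe --view alarms
""".strip().splitlines()

# Constructed events from a later window; the legitimate console binary is
# launched from a scripting host with a verb operators never use.
SUSPECT_LOG = """
2022-10-10T19:31:08Z hmi-01 operator explorer.exe -> mgmt-console.exe --view status
2022-10-10T21:14:03Z hmi-01 operator wscript.exe -> mgmt-console.exe --execute-batch D:\\cmds.txt
2022-10-10T21:14:09Z hmi-01 operator cmd.exe -> mgmt-console.exe --view status
2022-10-12T02:05:41Z hmi-02 SYSTEM services.exe -> backup-agent.exe --nightly
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<parent>\S+) -> "
    r"(?P<image>\S+)(?: (?P<args>.*))?$"
)


def parse_event(line):
    """Parse one constructed log line into a dict; the first argument token
    is treated as the command 'verb' (e.g. --view, --execute-batch)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["args"] = ev["args"] or ""
    ev["verb"] = ev["args"].split()[0] if ev["args"] else ""
    return ev


def build_baseline(lines):
    """Record, per image, which parents, users and verbs were observed."""
    baseline = defaultdict(lambda: {"parents": set(), "users": set(), "verbs": set()})
    for line in lines:
        ev = parse_event(line)
        prof = baseline[ev["image"]]
        prof["parents"].add(ev["parent"])
        prof["users"].add(ev["user"])
        prof["verbs"].add(ev["verb"])
    return baseline


def find_deviations(baseline, lines):
    """Return events whose image, parent, user or verb deviates from the
    baseline, each with the list of reasons it was flagged."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        prof = baseline.get(ev["image"])  # .get() does not create a profile
        reasons = []
        if prof is None:
            reasons.append("image never seen in baseline")
        else:
            if ev["parent"] not in prof["parents"]:
                reasons.append(f"unusual parent {ev['parent']}")
            if ev["user"] not in prof["users"]:
                reasons.append(f"unusual user {ev['user']}")
            if ev["verb"] not in prof["verbs"]:
                reasons.append(f"unusual verb {ev['verb'] or '<none>'}")
        if reasons:
            findings.append({"ts": ev["ts"], "host": ev["host"],
                             "image": ev["image"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_deviations(build_baseline(BASELINE_LOG), SUSPECT_LOG):
        print(f"{f['ts']} {f['host']} {f['image']}: {'; '.join(f['reasons'])}")
```

Two of the four later events are flagged: the console launched from `wscript.exe` with a verb the baseline never contained, and the same binary launched from `cmd.exe`. The benign status check and the nightly backup pass silently. The caveat a practitioner should keep in mind is that the baseline is only as good as the window it was learned from; if the learning window already contains attacker activity, that activity becomes 'normal', so the baseline should be built from a period you have independent reason to trust and reviewed by the operators who know what the management hosts are supposed to do.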