
Ukraine, new Sandworm attack against the electric grid

New Sandworm attack against the Ukrainian electric grid. Russia’s GRU Unit 74455 used the custom INDUSTROYER2 malware, CADDYWIPER, Orcshred, Soloshred and Awfulshred to cut power in a region

Ukraine countered a Sandworm (aka GRU Unit 74455) attack against its energy infrastructure, CERT-UA cybersecurity experts announced. The goal of the Russia-linked hackers was to sabotage the electric grid, in particular its high-voltage electrical substations. The APT used the custom INDUSTROYER2 malware to target the ICS, and CADDYWIPER, Orcshred, Soloshred and Awfulshred to try to erase the traces of the cyber aggression. The operation started on April 8 with the deployment of the malware on Windows computers and automated workstations (CADDYWIPER, ArguePatch and Tailjump tools), Linux servers (OrcShred, Soloshred and AwfulShred) and high-voltage electrical substations (INDUSTROYER2). In the last case, the malicious hackers planned to cut power in a specific region by means of a scheduled task.
