Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
Coverage of incidents attributed to Sandworm, with analysis of infrastructure, disruption, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Sandworm is a name used for an intrusion set associated in public reporting and government assessments with Russia’s GRU, although such attribution remains subject to evidence and revision. Reporting has linked the group to disruptive operations including attacks affecting Ukrainian power distribution and the 2017 NotPetya outbreak, which spread through a compromised software-update channel and caused extensive operational damage. The activity tracked under this name has included destructive malware, denial-of-service attacks, and exploitation of vulnerable systems.
For defenders, the key risk is that an intrusion can progress from access to disruption rather than simple data theft. Priorities include rapidly patching internet-facing and edge systems, enforcing multifactor authentication and least privilege, segmenting critical networks, and maintaining offline, tested backups with restoration procedures. Threat intelligence on reported Sandworm infrastructure and malware can support detection and scoping, but indicators should complement—rather than replace—behavioral monitoring and sound vulnerability-management and incident-response practices.
Weekly headline count for the current query.
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors
Notorious APT44 group Sandworm launched a major campaign against Ukrainian critical infrastructure in March
Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine has close ties with a Russian hacktivist group
WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal
Ukraine’s security service says Sandworm accessed Kyivstar’s system at least six months before launching the attack
A report described the coordinated attack, in which 22 critical infrastructure firms were targeted
This previously undocumented attack suggests a growing maturity of Russia’s offensive OT arsenal
Infamous Chisel, which enables unauthorized access to compromised Android devices used by the Ukrainian military, has been linked to Sandworm
Russia's Sandworm group suspected of destructive attack
Ukrainian targets are on the receiving end of RansomBoggs variant
Military officers were indicted for the campaign in 2020
Researchers reveal the Sandworm group attempted to cut power to a large region of Ukraine