Sandworm Strikes Again: Ukraine’s Power Grid in the Dark – A High-Stakes Game of Cyber ‘Lights Out’

Step aside, James Bond villains, the real-life baddies are here. The Russian hacker group Sandworm, notorious for hacking power grids, has turned Ukraine into a real-life game of ‘Lights Out.’ Their signature move? Wiping data so clean it puts your teenager’s ‘parent inspection’ room cleanup to shame. If unexpected power cuts are making you lose unsaved documents, you know who to blame.

Hot Take:

Move over, Hollywood spy thrillers, and make way for the real bad guys. The notorious Russian hacker group, Sandworm, has been playing a high-stakes game of ‘Lights Out’ with Ukraine. Using a novel technique, they’ve been causing power outages and, presumably, a significant number of unsaved Word documents. The plot twist? They’re also wiping data, making the aftermath look as clean as a teenager’s room when they know their parents are due for an inspection. Now that’s what I call a ‘dirty’ clean-up operation.

Key Points:

  • Sandworm, a Russian hacker group, is behind a power outage in Ukraine in October 2022.
  • The attack was a multi-event cyber-attack, using a novel technique to impact industrial control systems.
  • Living-off-the-land (LotL) techniques likely tripped the substation’s circuit breakers, coinciding with missile strikes on Ukraine’s infrastructure.
  • A second disruptive event involved deploying a new variant of CaddyWiper in the victim’s IT environment.
  • The hackers’ method decreased the time and resources needed for the attack, and the initial vector used is still unclear.

Need to know more?

Not Your Average Internet Trolls

Sandworm, more than just a group of stereotypical basement-dwelling hackers, has been causing a ruckus in Ukraine since at least 2015. They've been using malware like Industroyer to compromise the power grid. Imagine the frustration of being in the middle of your favorite Netflix show when the power cuts out. Now multiply that by a whole country.

A Shadowy Sting Operation

The alleged intrusion happened around June 2022, with Sandworm accessing the operational tech environment through a hypervisor. It's like they snuck in through the back door, tripped the main switch, and vanished without a trace. As if the unexpected blackout wasn't enough, they then deployed a data-wiping malware named CaddyWiper, presumably to erase any evidence. Talk about a hit-and-run.

The Wiper's Tale

CaddyWiper, the malware in question, isn't a new player. It first rose to infamy in March 2022, associated with the Russo-Ukrainian war. It's not just wiping data; it's erasing entire countries' worth of information faster than you can say "Sandworm".

A Global Threat Assessment

Despite the Ukraine focus, Sandworm isn't a local problem. It's a global issue. Given the worldwide deployment of MicroSCADA products and Sandworm's global threat activity, everyone should be on high alert. So, if you hear your computer making strange noises, or see an unexpected power outage, don't just blame it on the cat. It might be Sandworm at work.