RFE/RL staff

RFE/RL journalists report the news in 21 countries where a free press is banned by the government or not fully established. We provide what many…

Report: Russian Military-Linked Hackers Responsible For 2022 Ukraine Grid Outage

  • A report from U.S. cybersecurity firm Mandiant blames GRU for the 2022 Ukraine grid disruption using sophisticated new tools.
  • Sandworm hackers cut power to a region of Ukraine in the cyberattack and wiped linked computer servers.
  • Russian intelligence and security agencies have overlapping cyber operations, including global espionage.

Hackers affiliated with Russia’s military intelligence agency penetrated and disrupted parts of Ukraine’s electricity grid late last year using sophisticated new hacking tools, a new report said.

The findings, by the U.S. cybersecurity firm Mandiant, add further evidence about the tools used by, as well as the sophistication of, the agency known as the GRU in targeting not only Ukraine, but other places around the globe as well.

“This attack represents the latest evolution in Russia’s cyber physical attack capability, which has been increasingly visible since Russia’s invasion of Ukraine,” the Mandiant report said.

A GRU entity known as Unit 74455 has been blamed for some of the most damaging cyberattacks across the world over the past decade. Known widely by the nickname “Sandworm,” the unit gained notoriety when it penetrated Ukraine’s electricity grid in 2015, cutting off power to more than 200,000 people.

In 2020, U.S. prosecutors announced an indictment against six officers from Unit 74455 for a series of hacks that targeted French presidential elections, the 2018 Pyeongchang Olympics, and the international organization investigating Russia's use of a deadly nerve agent.

GRU officers were also indicted by the United States in the hack of U.S. political parties in the run-up to the 2016 presidential election.

In October 2022, Russia launched a wave of missile and drone strikes on Ukraine's power grid, causing blackouts in many parts of the country. Kyiv scrambled to contain the damage and was forced to temporarily leave four regions without electricity.

At the same time, Mandiant said, the Sandworm hackers were able to cut power in one unidentified region of Ukraine by tripping circuit breakers at an electrical substation. The group then used software to wipe some of the linked computer servers in an effort to cover their tracks.

“Beyond Ukraine, the group continues to sustain espionage operations that are global in scope and illustrative of the Russian military's far-reaching ambitions and interests in other regions,” Mandiant said.

Russia's intelligence and security agencies have overlapping, sometimes competing cyberoperations. Aside from the GRU, the Foreign Intelligence Service has been accused in the hacking of U.S. political campaigns in 2016.

Russia’s main domestic security agency, the Federal Security Service, has two known cyber-units. The first, Center 18, or the Center for Information Security, was roiled by a major treason scandal in 2019.

The other is Center 16, formally known as the Center for Radio-Electronic Intelligence by Means of Communication, or Military Unit 71330, which oversees the FSB's signals intelligence capabilities, including intercepting communications, decryption, and data processing.

Center 16 was behind a unique bit of malicious code that lurked on computer servers in the West for decades, conducting secret surveillance of users. Authorities in five countries announced in May that they had successfully unplugged that malware, known as Snake, or Uroburos, or Venomous Bear.

Russian nongovernmental organizations have also been implicated in hacking efforts. In 2018, the U.S. Justice Department indicted the Internet Research Agency -- a so-called "troll factory" controlled by the late Yevgeny Prigozhin, then a close confidant of President Vladimir Putin -- which specialized in creating fake social media accounts and spreading disinformation and propaganda.


The department also indicted Prigozhin himself and 15 other Russian individuals for alleged fraud "for the purpose of interfering with the U.S. political and electoral processes, including the presidential election of 2016."


Oilprice - The No. 1 Source for Oil & Energy News