A cyberattack by Sandworm Group causing power outages all across Ukraine
Launched through an Excel macro attack.
- Stole VPN and AD creds, controlled HMI and shut down every circuit breaker
- Used KillDisk to wipe operator PCs
Takeaway
- Monitor and restrict remote HMI access
- IT breaches can cascade into OT outages
- Network segmentation is required