Russian Sandworm disrupts power in Ukraine with a new OT attack

The Russian APT group Sandworm disrupted power in Ukraine using a novel operational technology (OT) attack during mass missile strikes in October. The group likely used OT-level techniques to trigger a power outage by tripping substation circuit breakers, and then deployed a new variant of the CADDYWIPER data wiper, thereby destroying operations and removing forensic artifacts. Sandworm has displayed a growing ability to develop new capabilities and leverage different kinds of OT infrastructure to execute attacks.