Sandworm targeted Ukrainian local government networks in November 2022 with Caddywiper malware, which wipes most data on a system while preserving domain controllers. Researchers speculate this function allows Sandworm to maintain access inside networks after deploying Caddywiper.
- Local government entities throughout Ukraine
Suspected state sponsor
- Russian Federation
Type of incident
- Data destruction