Targeting of Ukrainian local government organization
Date of report
  • November 2022
Sandworm targeted Ukrainian local government networks in November 2022 with Caddywiper malware, which wipes most data on a system while preserving domain controllers. Researchers speculate this function allows Sandworm to maintain access inside networks after deploying Caddywiper.
Suspected victims
  • Local government entities throughout Ukraine
Suspected state sponsor
  • Russian Federation
Type of incident
  • Data destruction
Target category
  • Government
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response