Targeting of the Ukrainian public sector
Date of report
  • May 2023
The Russian threat group Sandworm was observed destroying data on Ukrainian state networks using a malicious script, RoarBat. Sandworm gained initial access to the networks by compromising VPN accounts that lacked two-factor authentication.
Suspected victims
  • Ukraine’s public networks
Suspected state sponsor
  • Russian Federation
Type of incident
  • Data destruction
Target category
  • Government
Victim government reaction
  • Yes
Policy response
Suspected state sponsor response