- Also known as Sandworm, Voodoo Bear, and Electrum. Believed to be responsible for the 2008 DDoS attacks in Georgia and the 2015 Ukraine power grid outage. Code used by this threat actor was also found in the alleged Russian compromise of networking equipment. There is possible overlap between Black Energy and the threat actor behind the compromise of the 2018 Winter Olympics.
This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial of service, and data destruction purposes. Some believe that the threat actor is linked to the 2015 compromise of the Ukrainian electrical grid and a distributed denial of service prior to the Russian invasion of Georgia. In 2018, Germany’s domestic intelligence agency released a technical alert about this threat actor, and the United Kingdom attributed the actor to Russian military intelligence.
Suspected state sponsor
- Russian Federation
Type of incident
- Private sector