
2015 Ukraine Electric Power Attack

[2015 Ukraine Electric Power Attack](https://attack.mitre.org/campaigns/C0028) was a [Sandworm Team](https://attack.mitre.org/groups/G0034) campaign during which they used [BlackEnergy](https://attack.mitre.org/software/S0089) (specifically BlackEnergy3) and [KillDisk](https://attack.mitre.org/software/S0607) to target and disrupt transmission and distribution substations within the Ukrainian power grid. This campaign was the first major public attack conducted against the Ukrainian power grid by Sandworm Team.

Start date: 1 December 2015
End date: 1 January 2016
Techniques: 17

Attributed actors

Techniques (17)

collection (1)
T1056.001 Keylogging

command-and-control (2)
T1105 Ingress Tool Transfer
T1071.001 Web Protocols

credential-access (2)
T1056.001 Keylogging
T1040 Network Sniffing

defense-impairment (2)
T1112 Modify Registry
T1685 Disable or Modify Tools

discovery (2)
T1018 Remote System Discovery
T1040 Network Sniffing

execution (2)
T1204.002 Malicious File
T1059.005 Visual Basic

initial-access (3)
T1078 Valid Accounts
T1133 External Remote Services
T1566.001 Spearphishing Attachment

lateral-movement (1)
T1570 Lateral Tool Transfer

persistence (4)
T1078 Valid Accounts
T1133 External Remote Services
T1112 Modify Registry
T1136.002 Domain Account

privilege-escalation (2)
T1078 Valid Accounts
T1055 Process Injection

stealth (4)
T1078 Valid Accounts
T1070.004 File Deletion
T1055 Process Injection
T1218.011 Rundll32

Indicators of compromise

No IOCs linked to this campaign yet.