high_confidence
2022 Ukraine Electric Power Attack
The [2022 Ukraine Electric Power Attack](https://attack.mitre.org/campaigns/C0034) was a [Sandworm Team](https://attack.mitre.org/groups/G0034) campaign that used a combination of GOGETTER, Neo-REGEORG, [CaddyWiper](https://attack.mitre.org/software/S0693), and living off the land (LotL) techniques to gain access to a Ukrainian electric utility and send unauthorized commands from its SCADA system.(Citation: Mandiant-Sandworm-Ukraine-2022)(Citation: Dragos-Sandworm-Ukraine-2022)
Start date
1 June 2022
End date
1 October 2022
Techniques
10
Attributed actors
Techniques (10)
command-and-control (2)
T1572 Protocol Tunneling
T1095 Non-Application Layer Protocol
defense-impairment (1)
T1484.001 Group Policy Modification
execution (2)
T1059.001 PowerShell
T1053.005 Scheduled Task
impact (1)
T1485 Data Destruction
lateral-movement (1)
T1570 Lateral Tool Transfer
persistence (3)
T1543.002 Systemd Service
T1505.003 Web Shell
T1053.005 Scheduled Task
privilege-escalation (3)
T1543.002 Systemd Service
T1484.001 Group Policy Modification
T1053.005 Scheduled Task
stealth (1)
T1036.004 Masquerade Task or Service
Indicators of compromise
No IOCs linked to this campaign yet.