Campaign · all campaigns
2016 Ukraine Electric Power AttackC0025 state
🇷🇺 RU · GRU · Unit 74455
aka 2016 Ukraine Electric Power Attack
Run by Sandworm Team
Last updated: 2026-07-03
1attributed CVEs
28ATT&CK techniques
4.3IDF score (tooling uniqueness)
1exclusive CVEs
2015years active
About this actor
[2016 Ukraine Electric Power Attack](https://attack.mitre.org/campaigns/C0025) was a [Sandworm Team](https://attack.mitre.org/groups/G0034) campaign during which they used [Industroyer](https://attack.mitre.org/software/S0604) malware to target and disrupt distribution substations within the Ukrainian power grid. This campaign was the second major public attack conducted against Ukraine by [Sandworm Team](https://attack.mitre.org/groups/G0034).(Citation: ESET Industroyer)(Citation: Dragos Crashoverride 2018)
Source: MITRE ATT&CK
Activity timeline
- 2015 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2015-5374 | 8.0 | 0.0 | 0.8568 | 2015-07-18 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 24 / 28 | 86% |
SI-4 | 24 / 28 | 86% |
AC-3 | 23 / 28 | 82% |
AC-2 | 21 / 28 | 75% |
CM-2 | 21 / 28 | 75% |
AC-6 | 20 / 28 | 71% |
CM-7 | 18 / 28 | 64% |
SI-7 | 18 / 28 | 64% |
IA-2 | 17 / 28 | 61% |
SI-3 | 17 / 28 | 61% |
AC-5 | 16 / 28 | 57% |
CM-5 | 16 / 28 | 57% |
CA-7 | 12 / 28 | 43% |
SI-10 | 9 / 28 | 32% |
AC-17 | 8 / 28 | 29% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- HomeLand Justice 0.31
- Agrius 0.29
- Blue Mockingbird 0.26
- GALLIUM 0.24
- APT5 0.23
Active in same years
- NEODYMIUM 1.00
- PROMETHIUM 1.00
- APT37 1.00
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00