Campaign · all campaigns
2015 Ukraine Electric Power AttackC0028 state
🇷🇺 RU · GRU · Unit 74455
aka 2015 Ukraine Electric Power Attack
Run by Sandworm Team
Last updated: 2026-07-03
3attributed CVEs
25ATT&CK techniques
12.9IDF score (tooling uniqueness)
3exclusive CVEs
2014years active
About this actor
[2015 Ukraine Electric Power Attack](https://attack.mitre.org/campaigns/C0028) was a [Sandworm Team](https://attack.mitre.org/groups/G0034) campaign during which they used [BlackEnergy](https://attack.mitre.org/software/S0089) (specifically BlackEnergy3) and [KillDisk](https://attack.mitre.org/software/S0607) to target and disrupt transmission and distribution substations within the Ukrainian power grid. This campaign was the first major public attack conducted against the Ukrainian power grid by Sandworm Team.
Source: MITRE ATT&CK
Activity timeline
- 2014 — 3 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2014-6277 | 8.0 | 0.0 | 0.9711 | 2014-09-27 | see CVE |
CVE-2014-7186 | 8.0 | 0.0 | 0.9737 | 2014-09-28 | see CVE |
CVE-2014-7187 | 8.0 | 0.0 | 0.9705 | 2014-09-28 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 20 / 25 | 80% |
CM-6 | 18 / 25 | 72% |
CM-7 | 16 / 25 | 64% |
CA-7 | 15 / 25 | 60% |
CM-2 | 14 / 25 | 56% |
SC-7 | 14 / 25 | 56% |
SI-3 | 14 / 25 | 56% |
SI-7 | 13 / 25 | 52% |
AC-4 | 12 / 25 | 48% |
AC-3 | 11 / 25 | 44% |
AC-6 | 11 / 25 | 44% |
AC-2 | 9 / 25 | 36% |
IA-2 | 9 / 25 | 36% |
AC-5 | 8 / 25 | 32% |
CM-5 | 7 / 25 | 28% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- FIN4 0.32
- Rancor 0.32
- Gorgon Group 0.26
- TA551 0.26
- Silence 0.26
Active in same years
- APT37 1.00
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00