Cyber Resilience

Campaign · all campaigns

2015 Ukraine Electric Power AttackC0028 state

🇷🇺 RU · GRU · Unit 74455

aka 2015 Ukraine Electric Power Attack

Run by Sandworm Team

Last updated: 2026-07-03

3attributed CVEs
25ATT&CK techniques
12.9IDF score (tooling uniqueness)
3exclusive CVEs
2014years active

About this actor

[2015 Ukraine Electric Power Attack](https://attack.mitre.org/campaigns/C0028) was a [Sandworm Team](https://attack.mitre.org/groups/G0034) campaign during which they used [BlackEnergy](https://attack.mitre.org/software/S0089) (specifically BlackEnergy3) and [KillDisk](https://attack.mitre.org/software/S0607) to target and disrupt transmission and distribution substations within the Ukrainian power grid. This campaign was the first major public attack conducted against the Ukrainian power grid by Sandworm Team.

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2014-6277 8.00.00.97112014-09-27see CVE
CVE-2014-7186 8.00.00.97372014-09-28see CVE
CVE-2014-7187 8.00.00.97052014-09-28see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-420 / 2580%
CM-618 / 2572%
CM-716 / 2564%
CA-715 / 2560%
CM-214 / 2556%
SC-714 / 2556%
SI-314 / 2556%
SI-713 / 2552%
AC-412 / 2548%
AC-311 / 2544%
AC-611 / 2544%
AC-29 / 2536%
IA-29 / 2536%
AC-58 / 2532%
CM-57 / 2528%

Co-occurring actors

None.

Similar actors

Similar TTPs

Active in same years