Campaign · all campaigns
2022 Ukraine Electric Power AttackC0034 state
🇷🇺 RU · GRU · Unit 74455
aka 2022 Ukraine Electric Power Attack
Run by Sandworm Team
Last updated: 2026-07-03
0attributed CVEs
16ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
The [2022 Ukraine Electric Power Attack](https://attack.mitre.org/campaigns/C0034) was a [Sandworm Team](https://attack.mitre.org/groups/G0034) campaign that used a combination of GOGETTER, Neo-REGEORG, [CaddyWiper](https://attack.mitre.org/software/S0693), and living of the land (LotL) techniques to gain access to a Ukrainian electric utility to send unauthorized commands from their SCADA system.(Citation: Mandiant-Sandworm-Ukraine-2022)(Citation: Dragos-Sandworm-Ukraine-2022)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
AC-3 | 14 / 16 | 88% |
CM-2 | 14 / 16 | 88% |
SI-4 | 14 / 16 | 88% |
CM-6 | 13 / 16 | 81% |
AC-6 | 11 / 16 | 69% |
AC-2 | 10 / 16 | 62% |
AC-5 | 9 / 16 | 56% |
CM-7 | 9 / 16 | 56% |
SI-3 | 9 / 16 | 56% |
CM-5 | 8 / 16 | 50% |
IA-2 | 8 / 16 | 50% |
RA-5 | 8 / 16 | 50% |
CA-7 | 7 / 16 | 44% |
SI-7 | 7 / 16 | 44% |
SI-10 | 6 / 16 | 38% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- C0032 0.22
- SharePoint ToolShell Exploitation 0.18
- FIN10 0.18
- Triton Safety Instrumented System Attack 0.17
- Cinnamon Tempest 0.17
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00