Russian hackers target European energy sector amid winter fears

The upcoming winter may spur hackers acting on behalf of the Russian Federation. The Sandworm group, collaborating with Kremlin intelligence, has frequently been active in this area.

Jamie Collier, the Chief Threat Intelligence Advisor at Google, warns about this team in an interview with Politico, describing them as "most skilled, stealthy" experts. "With the onset of winter, this becomes an obvious cause for concern," Collier added.

The Sandworm group is one of the most notorious cyber threats from the Kremlin, often operating covertly. Western intelligence previously linked the group to the 2015 attack that disrupted the Ukrainian electricity grid. They are also credited with disrupting Ukraine's energy grid in 2023.

According to the British government, Sandworm is part of the Russian military intelligence GRU. The warnings come as the intelligence agencies of European countries investigate the severing of two key undersea telecommunication cables connecting EU countries.

Instances of "hybrid" sabotage, disruptions, and digital attacks have been recorded since the Russian aggression against Ukraine in 2022. These occur most frequently in countries bordering Europe and Russia.

In April of this year, Google reported that Sandworm, also known as APT44 or Seashell Blizzard, "remains a formidable threat to Ukraine." "To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia’s military campaign," Google stated.

The group is associated with destructive attacks. It is known to be dangerous, efficiently gathering information, representing top qualifications, and employing capable experts. Russia habitually combines network intrusions with informational operations. For example, it deploys "wiper" malware to destroy systems or data, and there are also instances of data theft to hand over to hacking groups.

According to Politico, the lobby group Eurelectric published a report on Tuesday indicating that since 2022, European electricity-related companies have experienced 48 publicly known attacks. Nearly two-thirds of the global recorded cyberattacks in 2023 have originated from Russia.

European countries do not want to remain powerless in the face of these harmful activities. Cyber Europe, one of the largest cybersecurity initiatives in Europe, conducts endurance tests of the EU energy sector. In June, during a two-day exercise, 30 national cyber incident response teams repelled simulated attacks on energy infrastructure.