According to Dragos’s technical analysis, Sandworm/Electrum hackers targeted communication infrastructure and remote terminal units across roughly 30 sites, with some devices irreparably damaged. ESET last week attributed the attack to Sandworm, a Russian state‑sponsored threat group, and Dragos linked the operation—with moderate confidence—to Electrum, which it describes as related to Sandworm.
The attackers gained access to operational technology at combined heat and power plants and renewable energy dispatch centres for wind and solar facilities, primarily aiming at grid safety and stability monitoring rather than active power generation. Unlike Ukraine‑style outages in previous years, the incident did not produce electrical outages, though some ICS equipment was bricked and could not be restored in the field.
Dragos notes the operation appeared rushed and opportunistic, exploiting available access rather than executing a precisely planned campaign, and stresses that some devices were damaged beyond repair.