The Sandworm group is one of the Kremlin’s most notorious cyberthreats, often working in the shadows. Western intelligence previously tied the group to a 2015 attack that took down Ukraine’s power grid, and to another disruption of the Ukrainian power grid in 2023. It is part of Russia’s GRU military intelligence division, according to the U.K. government.
The warnings come as European governments investigate the rupture of two critical undersea telecoms cables connecting EU countries — in the latest incident of “hybrid” sabotage, disruption and digital attacks seen on Europe’s eastern border with Russia since Moscow invaded neighboring Ukraine in 2022.
It adds to the sector’s woes after this week’s sharp gas price hike following an announcement by Russian giant Gazprom that it was cutting off flows to top Austrian importer OMV due to a contractual dispute.
Sandra Joyce, head of threat intelligence at Google’s Mandiant cyber division, first raised the concern with top European officials at the Tallinn Digital Summit in Estonia Tuesday.
“That’s what they’re targeting this morning as we’re sitting here,” Joyce said of Sandworm’s continued hacking attempts on Europe’s energy grid.
Google said in April that Sandworm, also called APT44 or Seashell Blizzard, “remains a formidable threat to Ukraine,” and that “to date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia’s military campaign.”