Russian hackers linked to Russia’s military intelligence have intensified cyberattacks against Ukraine, targeting the grain, energy, and government sectors, reports cybersecurity company ESET, as reported by The Record.
According to experts, from June to September, the Sandworm group deployed a series of malicious programs known as “wipers” to destroy data in Ukrainian organizations. Among the affected were grain industry enterprises, energy companies, logistics firms, and government institutions.
Sandworm, which Western intelligence agencies associate with the GRU, has been behind some of the most destructive cyberattacks against Ukraine — including the 2015 power grid blackout, the NotPetya virus in 2017, and the hack of the Kyivstar telecom operator last year. Now, the agricultural sector — a key source of Ukraine’s export revenue, previously rarely targeted — has become a new focus.
According to ESET, in the spring, the hackers used two types of malware — Zerolot and Sting — initially attacking a Ukrainian university and then launching new waves of attacks against agribusiness and energy companies. These wiper programs erase data irreversibly, paralyzing system operations.
Researchers link Sandworm’s actions to another group, UAC-0099, which reportedly carried out the initial network intrusions in Ukrainian organizations and then handed access to its Russian allies. Ukraine’s Computer Emergency Response Team (CERT-UA) notes that this group has been active since 2022, regularly attacking government and defense structures.
ESET emphasizes that Sandworm’s attacks demonstrate the continued use of destructive methods against Ukraine, despite reports that Russian hackers are shifting toward espionage operations. Ukrainian cyber authorities note that such attacks are often coordinated with Russian missile and drone strikes, amplifying their impact.
Beyond Ukraine, Russian cyber groups, including RomCom and Gamaredon, continue to target EU countries, primarily organizations linked to Ukrainian defense and logistics. ESET experts stress that most attacks outside Ukraine are also war-related, indicating the ongoing focus of Russian intelligence on Ukraine.
