Sandworm Deploys New Wiper Malware Against Ukrainian Energy Grid

Monday, March 16, 2026 at 07:00 AM UTC·Source: CERT-UA / Mandiant

Updated: Friday, April 24, 2026 at 06:06 PM UTC

Executive Summary

Russian GRU Sandworm group deploys new wiper variant AcidBurn targeting Ukrainian power distribution systems during winter heating season.

Analysis

Sandworm deployed AcidBurn wiper malware against three Ukrainian regional power distribution companies. The malware targets both IT systems and OT/ICS components, specifically Schneider Electric SCADA platforms. Attack timed to coincide with sub-zero temperatures. Ukrainian CERT and international partners contained the attack before widespread outages occurred.

Timeline

Discovered

Mar 15, 2026

Exploitation Detected

Mar 15, 2026

Published

Mar 16, 2026

Source Attribution

Originally published by CERT-UA / Mandiant on Mar 16, 2026. Verified by: CERT-UA, Mandiant, CISA.

Related Threats

MEDIUMAiNEW

Shifting Budget Dynamics for Identity Security and AI Agents

AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.

Just nowDark Reading

MEDIUMAiNEW

The Boring Stuff is Dangerous Now

AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.

Just nowDark Reading

MEDIUMAiNEW

OpenAI begins roll out of personal finance suite

OpenAI has released a preview of a new integration with account aggregator Plaid that enables ChatGPT users to connect all of their accounts and ask questions ranging from spending analysis to future financial planning.

10m agoFinextra