Sandworm Deploys New Wiper Malware Against Ukrainian Energy Grid

Monday, March 16, 2026 at 07:00 AM UTC·Source: CERT-UA / Mandiant

Updated: Tuesday, March 17, 2026 at 12:00 PM UTC

Executive Summary

Russian GRU Sandworm group deploys new wiper variant AcidBurn targeting Ukrainian power distribution systems during winter heating season.

Analysis

Sandworm deployed AcidBurn wiper malware against three Ukrainian regional power distribution companies. The malware targets both IT systems and OT/ICS components, specifically Schneider Electric SCADA platforms. Attack timed to coincide with sub-zero temperatures. Ukrainian CERT and international partners contained the attack before widespread outages occurred.

Timeline

Discovered

Mar 15, 2026

Exploitation Detected

Mar 15, 2026

Published

Mar 16, 2026

Source Attribution

Originally published by CERT-UA / Mandiant on Mar 16, 2026. Verified by: CERT-UA, Mandiant, CISA.

Related Threats

MEDIUMMalware

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]

14h agoBleepingComputer

MEDIUMMalware

Bank Trojan 'Casbaneiro' Worms Through Latin America

Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly.

21h agoDark Reading

MEDIUMMalware

GitHub Used as Covert Channel in Multi-Stage Malware Campaign

LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration

21h agoInfosecurity Magazine