**Russian State Hackers Intensify Data-Destroying Cyberattacks Against Ukraine**
Over the past several years, Russian state-sponsored hackers have consistently targeted Ukraine with sophisticated and destructive cyberattacks, using data-wiping malware to damage critical infrastructure and disrupt vital sectors of the Ukrainian economy. Recent reports from cybersecurity firm ESET reveal that one of the most notorious groups behind these attacks, Sandworm—a unit tied to Russia’s military intelligence agency, the GRU—has not only maintained its barrage of wiper attacks but has also expanded its focus to include new targets, underscoring the evolving cyber front in the ongoing conflict between Russia and Ukraine.
### Sandworm's Recent Campaigns
In April of this year, Sandworm launched a cyberattack against a Ukrainian university, deploying two distinct wiper malware strains. Wipers are a particularly destructive form of malware designed to irreversibly erase data and cripple the IT systems that store it, often rendering the targeted infrastructure inoperable. The first wiper, dubbed "Sting," was used to target fleets of Windows computers by creating a scheduled task with the name "DavaniGulyashaSdeshka," a phrase derived from Russian slang meaning "eat some goulash." The second wiper in this attack, named "Zerlot," was employed concurrently.
Sandworm continued its offensive in June and September, unleashing several more wiper variants against critical Ukrainian sectors. These attacks primarily targeted organizations involved in government, energy, and logistics—sectors that have long been of strategic interest to Russian hackers. However, ESET noted a significant shift: this time, organizations in Ukraine’s grain industry were also targeted. While the government and energy sectors have been frequent victims of such attacks, the inclusion of the grain sector was less common. Given that grain exports are a major source of revenue for Ukraine, these attacks appear to be an attempt to inflict economic damage and weaken the nation’s war economy.
### A Decade of Destructive Cyberwarfare
Russian hackers’ use of destructive wiper malware is not new. The tactic gained global notoriety in 2017 with the NotPetya worm, which initially targeted Ukraine but rapidly spread around the world. NotPetya functioned as a self-replicating wiper, causing tens of billions of dollars in damage and disrupting thousands of organizations for extended periods. Its devastating impact established a blueprint for Russian cyber operations, highlighting the potential for wipers to create chaos both within and beyond Ukraine’s borders.
Sandworm, in particular, has a long history of deploying such destructive tools. In 2016 and 2017, the group was responsible for attacks that disabled parts of Ukraine’s electricity grid, leaving many residents without power or heat in the middle of winter. Since then, the Kremlin has been linked to more than a dozen wiper campaigns against Ukraine. In 2022 alone, wiper attacks disabled 10,000 satellite modems in Ukraine and disrupted the operations of
