Russian cyber threats loom over Europe's energy sector

The coming winter could potentially mobilize hackers working on behalf of the Russian Federation. The Sandworm group, collaborating with the Kremlin's intelligence, has already shown activity in this area on multiple occasions.

This team, consisting of "most skilled, stealthy" experts, is warned about in an interview with Politico by Google's chief threat intelligence advisor, Jamie Collier. "With the onset of winter, that’s clearly a concern," added Collier.

The Sandworm group is one of the Kremlin's most notorious cyber threats, often operating covertly. Western intelligence has previously linked the group to a 2015 attack that crippled Ukraine's power grid. It is also credited with disrupting the Ukrainian power grid in 2023.

According to the UK government, Sandworm is part of Russia's military intelligence agency, the GRU. This warning comes as European national intelligence services investigate the severance of two key undersea telecommunications cables connecting EU countries.

Cases of "hybrid" sabotage, disruptions, and digital attacks have been noted since Russia's aggression against Ukraine in 2022. They frequently occur in countries on Europe's border with Russia.

In April this year, Google reported that Sandworm, also known as APT44 or Seashell Blizzard, "remains a formidable threat to Ukraine". "To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia’s military campaign," Google stated.

The team is associated with destructive attacks. It is known to be dangerous – efficiently gathering information, representing the highest level of expertise, and employing skilled experts. Russia typically combines network breaches with information operations, for instance by deploying "wiper" malware to destroy systems or data. Data is also often stolen to be passed on to hacking groups.

According to Politico, the lobbying group Eurelectric published a report on Tuesday stating that since 2022, European electricity-related companies have experienced 48 publicly known attacks. Nearly two-thirds of the global recorded cyberattacks in 2023 originated from Russia.

European countries do not wish to remain helpless against these harmful activities. Cyber Europe, one of the largest cybersecurity initiatives in Europe, conducts resilience tests for the EU energy sector. In June, during a two-day exercise, 30 national cybersecurity incident response teams repelled fictional attacks on energy infrastructure.