10 Years Since the First Ukraine Power Grid Attack: Lessons in Defense

A 10-year retrospective recounting the December 2015 Ukraine power-grid attack and later incidents, detailing how patient, nation-state actors gained access to SCADA systems, manipulated industrial protocols (via CRASHOVERRIDE/Industroyer2), deployed KillDisk and other measures to hinder recovery, and targeted operators and infrastructure—highlighting ongoing threats from groups tracked as KAMACITE and ELECTRUM and stressing the need for improved OT visibility, intelligence sharing, and defenses.