Russian-linked Sandworm hackers targeted high-voltage electrical substations in Ukraine. The attackers used a novel variant of Industroyer malware, dubbed Industroyer2, which interacts with control systems that manage the flow of power. The hackers also deployed multiple strains of wiper malware as part of the attack.