In an alarming escalation, several interconnected energy providers across Western Europe have reported structured intrusion attempts mimicking the TTPs (Tactics, Techniques, and Procedures) of Advanced Persistent Threat (APT) group Sandworm.
The attacks leverage a zero-day exploit in common SCADA gateway appliances. Once a foothold is gained, the attackers pivot to Active Directory to dump credentials and establish long-term persistence via WMI event subscriptions.
Authorities have urged all regional grid operators to implement immediate network segmentation protocols.
