Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Russian Sandworm hackers target Ukrainian grain industry with wiper malware

Redazione RHC : 7 November 2025 18:11

Russian Sandworm hackers use wiper malware against the Ukrainian grain industry.

Ukraine’s grain industry has become the latest target of the infamous, state-backed Russian hacking unit Sandworm, as part of Moscow’s ongoing efforts to undermine the country’s war-torn economy.

According to new research from Slovakian cybersecurity firm ESET, between June and September, the Kremlin-linked group used various types of malware to wipe data from Ukrainian organizations in the grain, energy, logistics, and government sectors. Although wiper attacks have frequently targeted Ukrainian infrastructure since the Russian invasion, the agricultural industry, a key source of the country’s export revenue, has rarely been directly targeted.

Sandworm, which Western intelligence agencies link to the Russian military intelligence service (GRU), is responsible for some of the most damaging cyberattacks in Ukraine’s history, including the 2015 power grid blackout, the 2017 NotPetya malware outbreak, and last year’s hack of major telecommunications provider Kyivstar.

ESET said recent operations included two wipers, Zerolot and Sting, deployed in April against a Ukrainian university, followed by additional waves against grain and energy companies. The wiper malware is designed to permanently erase data and disrupt operations.

The company also linked the attacks to another hacker group, known as UAC-0099, which allegedly carried out the initial intrusions before handing over access to Sandworm. According to the Computer Emergency Response Team of Ukraine (CERT-UA), UAC-0099 has been active since at least 2022 and has targeted Ukrainian government and defense institutions in espionage campaigns.

“These destructive attacks by Sandworm remind us that wipers remain a frequent tool of Russian-aligned threat actors in Ukraine,” ESET said.

While some reports suggested a shift to espionage activities by such groups in late 2024, researchers said that Sandworm has continued to conduct regular wiper attacks against Ukrainian entities since early 2025.

Ukrainian cybersecurity authorities have repeatedly warned that Russian actors, including Sandworm, often coordinate such operations with missile and drone strikes to amplify their impact.

Beyond Ukraine, ESET observed that Russian hacking groups, including RomCom and Gamaredon, continue to target European Union member states, often focusing on entities linked to Ukraine’s defense or logistics networks.

“Even non-Ukrainian targets often have some obvious links to Ukraine and its overall war effort,” the researchers wrote, “strongly suggesting that the conflict continues to mobilize the majority of Russian intelligence attention and resources.”

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
