This was not an isolated warning. In April 2022, Russian-linked Sandworm operators attempted to disrupt Ukrainian high-voltage electrical substations using Industroyer2 malware designed to interact with industrial control systems that manage power flows, while also deploying wiper malware against supporting systems. In late 2022, researchers reported that Sandworm caused a power disruption at a Ukrainian electrical substation by manipulating circuit breakers during a period of Russian missile attacks, then used data-wiping malware to complicate recovery.