The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm".
[2] On 23 December 2015, hackers using the BlackEnergy 3 malware remotely compromised information systems of three energy distribution companies in Ukraine and temporarily disrupted the electricity supply to consumers.
According to representatives of one of the companies, attacks were conducted from computers with IP addresses allocated to the Russian Federation.
[4] In 2019, it was argued that Ukraine was a special case, comprising unusually dilapidated infrastructure, a high level of corruption, the ongoing Russo-Ukrainian War, and exceptional possibilities for Russian infiltration due to the historical links between the two countries.
Furthermore, the timing of the attack during the holiday season guaranteed only a skeleton crew of Ukrainian operators were working (as shown in videos).