The big idea is apparently to "increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine. The occupying command is convinced that this will slow down the offensive operations of the Ukrainian Defence Forces."
While they have been saying that for a while, the Russians have already carried out two serious infrastructure attacks: the first in 2015 and the second almost exactly one year later. These left Ukrainians without power during one of the coldest months of the year and served as a proof of concept and test ground of sorts for disrupting Ukraine's power supply.
The 2015 attack was based around a piece of malware called BlackEnergy, which was used to break into the corporate networks of Ukrainian power companies and then to push further into the supervisory control and data acquisition (SCADA) systems the companies used to generate and transmit electricity. The hack allowed the attackers to use legitimate functionality commonly found in power distribution and transmission systems to trigger a failure that left more than 225,000 people without power for more than six hours.
The 2016 attack was more sophisticated. It used a new piece of malware, written from scratch and specifically designed for attacking electric grid systems. The new malware, which goes by the names Industroyer and Crash Override, was notable for its mastery of the arcane industrial processes used by Ukraine's grid operators. Industroyer natively communicated with those systems to instruct them to de-energise and then re-energise substation lines.
What might be of concern is that the Russians could use a similar attack on Western countries that Tsar Putin considers to be supporting Ukraine. Many of these countries have mixed ties with the Russians, with some of them having sold out their entire energy policies to Putin's chums. Such supporters are now having to explain their actions to their enraged citizens, who will presumably be crosser still if Putin manages to switch the lights out using hacking events to remind Europe how dependent it is on Russian energy.
Security researchers have been warning that Sandworm, the name given to the Kremlin-backed group behind the power grid hacks, is among the most elite hacking groups in the world. It is known for stealth, persistence, and remaining hidden inside targeted organisations for months or even years before surfacing.