The December 2015 disruption of multiple Ukrainian electrical substations was conducted by a group allied to Russian government interests continues to mount. Security experts note that the spear-phishing emails and related malware infections apparently used by attackers would most likely have been blocked if the targets had some basic information security defenses in place. The Sandworm advanced persistent threat group, which has previously been tied to attacks that align with Russian interests, was also responsible for the Ukrainian power supplier hack and disruption. But many experts caution that while attribution is useful for authorities – or diplomats – it’s up to enterprise information security professionals to defend their organization.”]
Source: https://www.cuinfosecurity.com/blogs/how-to-block-ukraine-style-hacker-attacks-p-2028