Attempted Cyberattack Against a Ukrainian Energy Provider

The breach targeted several electrical substations in the country. The attack was scheduled to begin on the evening of April 8, as civilians returned home from work. The malware deployed was “Industroyer2” (similar to “Industroyer”, which the Sandworm APT group used in 2016 to cut power in Ukraine), along with “CaddyWiper”, “ORCSHRED”, “SOLOSHRED” and “AWFULSHRED”.