According to Dragos, a threat actor dubbed FrostyGoop was able to gain access to the systems of a Ukrainian energy provider and disable heating to over 600 apartment buildings for two days during subzero temperatures.
The threat actors had spent over 10 months inside the provider’s network mapping systems and gathering credentials
(PDF report)