This paper identifies a novel cybersecurity threat in smart grids: adversaries can compromise aggregator systems to orchestrate coordinated manipulation of flexible energy resources (FERs), inducing large-scale power disturbances that undermine first-swing transient stability. Method: Integrating high-fidelity power system dynamic simulation with multi-scenario cyber-attack modeling, the study quantitatively evaluates the impact of diverse attack strategies on national-scale grid transient stability. Results: Although individual FER units possess negligible capacity, malicious coordination enables them—under theoretical conditions—to trigger inter-regional instability. This exposes a fundamental vulnerability of conventional security paradigms, which rely on physical redundancy and static defenses, against network-physical coupled coordinated attacks. The work provides the first systematic demonstration of a new dimension of national-grid stability risk inherent in FER aggregation architectures, establishing critical theoretical foundations for designing resilience-oriented cybersecurity frameworks for smart grids.

Flexible energy resources are increasingly becoming common in smart grids. These resources are typically managed and controlled by aggregators that coordinate many resources to provide flexibility services. However, these aggregators and flexible energy resources are vulnerable, which could allow attackers to remotely control flexible energy resources to launch large-scale attacks on the grid. This paper investigates and evaluates the potential attack strategies that can be used to manipulate flexible energy resources to challenge the effectiveness of traditional grid stability measures and disrupt the first-swing stability of the power grid. Our work shows that although a large amount of power is required, the current flexibility capacities could potentially be sufficient to disrupt the grid on a national level.