A cyber attack scenario on a substation transformer bank is explored. A hypothetical malware has been installed on a transmission substation remote terminal unit (RTU), which is monitoring and controlling the transformer bank and surrounding equipment. The malware periodically manipulates the state of the circuit-breakers connecting the transformers in the bank to the load, so as to surreptitiously overload a single transformer. Over time, this periodic overload degrades the transformer lifetime until the transformer fails, which results in significant maintenance and replacement costs, loss of operational confidence in the system, and a potentially significant system outage. The malware masks its behavior by falsifying data sent to SCADA systems monitoring the substation equipment, such that an operator in the control center is not aware of the actual field conditions. This paper describes the modeling of such an attack, some results, and potential mitigation strategies.