Poland Thwarts Cyberattack on Energy Grid

Summary
– Suspected Russian cyber attackers attempted but failed to disrupt parts of Poland’s energy infrastructure using new data-wiping malware in late December 2025.
– The attacks targeted two combined heat and power plants and a system managing electricity from wind and solar sources.
– Polish Prime Minister Donald Tusk stated the attacks were likely prepared by groups directly linked to Russian services.
– ESET researchers attributed the attack to the Russia-aligned Sandworm APT group, noting it coincided with the 10th anniversary of a major Sandworm attack on Ukraine’s power grid.
– Poland’s cyber defenders thwarted the attack, but the government is working on new legislation to strengthen the security of its energy systems.
Polish authorities successfully defended against a sophisticated cyberattack targeting the nation’s energy infrastructure in late December, preventing any disruption to power supplies. The incident involved a previously unseen data-wiping malware aimed at two combined heat and power plants and a system managing electricity from wind and solar sources. Prime Minister Donald Tusk stated that evidence points to groups directly linked to Russian intelligence services as the perpetrators.
Cybersecurity researchers from ESET analyzed the malicious software, naming it DynoWiper. They noted the attack’s timing coincided with the tenth anniversary of a notorious blackout in Ukraine caused by the Sandworm hacking group. That 2015 event, which used BlackEnergy malware, was the first known power outage directly triggered by a cyberattack. Based on their examination of DynoWiper and the attackers’ methods, ESET attributes this latest operation to the Russia-aligned Sandworm APT with medium confidence.
Sandworm, also known by aliases like TeleBots and Seashell Blizzard, is widely believed to be part of a unit within Russia’s military intelligence agency, the GRU. The group has a long history of aggressive cyber operations, including multiple attacks on Ukraine’s power grid using malware like Industroyer and CaddyWiper, the devastating NotPetya ransomware outbreak, and numerous espionage campaigns against European Union and NATO countries.
While Polish cyber defenders managed to stop this intrusion, Prime Minister Tusk emphasized the ongoing need to strengthen the country’s energy systems against such threats. The ruling coalition is preparing new legislation designed to impose stricter security standards. The proposed bill would mandate more rigorous risk management, enhanced protection for both information technology and operational technology systems, and improved incident response protocols. Tusk expressed hope that the law would be enacted swiftly.
This thwarted attack underscores the persistent cyber threat to critical national infrastructure from state-sponsored actors. It highlights the importance of robust, proactive defense measures and continuous vigilance in the energy sector and other vital industries.
(Source: Help Net Security)





