Cyberattacks on Polish energy infrastructure attributed to Russia

Following a cyberattack on Poland's energy grid, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to U.S. critical infrastructure owners and operators. The advisory aims to share lessons learned from the attack, which targeted approximately 30 wind and solar farms.

via cyberscoop.com

A technical report from Poland's CERT revealed that Russian government hackers breached Polish energy facilities by exploiting default credentials and a lack of multi-factor authentication. The attackers deployed wiper malware to destroy monitoring systems.

via techbuzz.ai

The cyberattack has been attributed to the Russian state-sponsored hacking group ELECTRUM, which shares overlaps with Sandworm. According to cybersecurity company Dragos, this was the first major cyberattack targeting distributed energy resources (DERs).

via thehackernews.com

The CEO of Polskie Sieci Energetycznych (PSE) stated that the risk of a long-term blackout from the cyberattack was small and that the attack on smaller renewable energy assets did not threaten critical infrastructure.

via rp.pl

The cyberattack specifically targeted two heat-and-power plants and a renewable energy management system, and the DynoWiper malware used was previously undocumented.

via zetter-zeroday.com·thehackernews.com

The cyberattack on Poland's energy grid specifically aimed to disrupt communications between renewable energy installations and electricity distribution operators.

via reddit.com·therecord.media

European security firm ESET reported that the December cyberattack on Polish energy targets used 'DynoWiper' malware, designed to erase computers and cause disruption. ESET attributed the operation with medium confidence to Sandworm, a Russian military intelligence hacking unit.

via asisonline.org·scworld.com·tvpworld.com·united24media.com·youtube.com

Poland's digital affairs minister reported that the country faces between 2,000 and 4,000 cyber incidents daily, with 700 to 1,000 posing a real threat, and that Russia has tripled its resources for cyber actions against Poland in 2025. The recent attack on the energy grid breached systems through vulnerable edge devices before deploying wiper malware that damaged operational technology and corrupted firmware.

via Reuters·reuters.com·reuters.com

Poland has accused Russia of launching a major cyberattack on its energy grid in late December 2025, which nearly caused a nationwide blackout. Energy Minister Miłosz Motyka stated the attack aimed to disrupt communication between renewable energy installations and power distribution operators. The UK's National Cyber Security Centre also issued an alert following these attacks, attributed to Russian state cyber forces.

via The Moscow Times·ComputerWeekly.com·Modern Diplomacy

Polish Energy Minister Miłosz Motyka stated that the December attack was 'threatening' and different from previous attacks, as various locations were targeted simultaneously. He announced Poland would increase investment in energy infrastructure through an 'anti-blackout package'.

via asisonline.org·scworld.com·tvpworld.com·united24media.com·youtube.com