ESET Research has attributed a major cyberattack on Poland's power grid in late 2025 to the Russia-aligned APT group Sandworm. The attack utilized a newly analyzed data-wiping malware dubbed "DynoWiper" (detected as Win32/KillFiles.NMO). While the operation was described as one of the largest targeting the country's energy system in years, researchers confirmed they are not aware of any successful service disruptions occurring as a result of the breach.
The timing of the attack is significant, occurring on the 10th anniversary of the 2015 Sandworm-orchestrated blackout in Ukraine. Sandworm continues to maintain a persistent focus on critical infrastructure sectors throughout Europe. Technical indicators of compromise (IoCs) have been released, including the SHA-1 hash for the DynoWiper executable, to assist security professionals in defending against this specific threat actor's toolkit.
Top comments (0)