The Russian nation-state hacking group Sandworm was behind an unsuccessful cyberattack on Poland's power infrastructure in late December 2025. The attack, described as one of the strongest in years, utilized a previously undocumented data-wiping malware dubbed DynoWiper. Fortunately, Polish authorities reported no successful disruption to energy services, though the attempt targeted combined heat and power (CHP) plants and renewable energy management systems.
Cybersecurity firm ESET linked the incident to Sandworm by identifying overlaps with the group’s prior malicious activities, notably those observed following Russia's invasion of Ukraine. The timing of the attack coincides with the tenth anniversary of Sandworm's infamous 2015 Ukrainian power grid strike, underscores the group's persistent focus on critical infrastructure. In response to the growing threat, Poland is advancing new cybersecurity legislation to bolster the resilience of its IT and operational technology (OT) systems.
Top comments (0)