- ESET links December 2025 Poland energy cyberattack to Sandworm
- DynoWiper malware attempted disruption but was stopped before causing significant damage
- Attack echoes Sandworm’s 2015 Ukraine blackout; Poland faces rising Russian cyber and sabotage threats
The devastating December 2025 cyberattack on Poland’s energy system was most likely the work of Sandworm, an infamous Russian state-sponsored threat actor, experts have said
“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed,” ESET researchers said in a new report.
“We’re not aware of any successful disruption occurring as a result of this attack,” the researchers added, saying they attributed the attack to the Russians with “medium confidence.”
‘Celebrating’ anniversaries
In late 2025, Poland’s power system faced “the largest cyberattack in years”, when threat actors deployed DynoWiper, a piece of malware that simply deletes all of the data it finds. Somehow, it was stopped before being able to do any meaningful harm.
At the time, the country’s energy minister, Milosz Motyka, told reporters that the failed attack sought to disrupt the communication between renewable installations and the power distribution operators, Reuters reported.
“The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on the energy infrastructure in years,” Motyka was cited saying.
ESET also stressed the symbolism of the attack, since exactly 10 years ago, Sandworm launched its first-ever attack on the Ukrainian power grid, which resulted in a blackout that lasted a couple of hours. Back then, Sandworm used the BlackEnergy malware to gain access to critical systems at several electrical substations and managed to leave around 230,000 people without electricity.
Ever since the Russian invasion on neighboring Ukraine, other countries in the region, including Poland, were subject to a growing number of cyberattacks. Polish critical infrastructure was not spared, forcing the country’s military to chime in and help the nation’s power grid operator protect critical transformer stations.
In September 2025, Poland also experienced a major railway explosion, which was also attributed to Russian sabotage. Warsaw described it as “Russian ‘state terrorism’”, while Moscow denied any involvement.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/85kAnS2rcuxwyaibPRC4Ze-2000-80.jpg
Source link
