A cyberattack attempt on Poland’s energy infrastructure in late December has been linked to Russian state-backed hackers, according to new findings from a cybersecurity research firm.
Poland’s Energy Minister Milosz Motyka said the attacks happened on December 29 and 30, targeting two heat and power plants. Hackers also tried to interfere with communication systems connecting renewable energy sources, including wind turbines, to power distribution operators. The incident was described as the strongest cyberattack on the country’s energy sector in years.
Polish authorities quickly blamed Russia for the attempted disruption. Local media reported that if the attack had succeeded, it could have cut heat and electricity for up to half a million homes across the country.
Cybersecurity company ESET said it analyzed a sample of destructive malware used in the attack, which it named DynoWiper. This type of malware, known as a wiper, is designed to permanently destroy data on infected systems, making them unusable.
ESET said it linked the malware with medium confidence to Sandworm, a hacking group connected to Russia’s military intelligence agency, the GRU. The company noted strong similarities between DynoWiper and earlier Sandworm malware used in attacks on Ukraine’s energy infrastructure.
The incident was first reported by independent journalist Kim Zetter, who pointed out that the Poland attack comes nearly ten years after Sandworm’s first known cyberattack on Ukraine’s power grid in 2015. That attack caused electricity outages for more than 230,000 homes around Kyiv, followed by another similar incident a year later.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
After the attempted attack, Poland’s Prime Minister Donald Tusk said the country’s cybersecurity systems worked as intended, adding that critical infrastructure was never at risk.
