Poland repels data-wiping malware attack on energy systems

Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed.

According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and targeted two combined heat and power (CHP) plants and a system enabling the management of electricity generated from wind turbines and photovoltaic farms.

Attack attribution

“Everything indicates that these attacks were prepared by groups directly linked to the Russian services,” Poland’s Prime Minister Donald Tusk said.

Specific details about the attacks were withheld, but ESET researchers analyzed the novel malware used by the attackers and named it DynoWiper.

“While details regarding the intended impact continue to be investigated, ESET researchers have highlighted the fact that the coordinated attack occurred on the 10th anniversary of the Sandworm-orchestrated attack against the Ukrainian power grid, which resulted in the first ever malware-facilitated blackout,” they shared on Friday.

“Back in December 2015, Sandworm used the BlackEnergy malware to gain access to critical systems at several electrical substations, leaving around 230,000 people without electricity for several hours.”

Based on this fact, their analysis of DynoWiper and associated tactics, techniques, and procedures (TTPs), ESET researchers have attributed these latest attacks to the Russia-aligned Sandworm APT “with medium confidence”.

The Sandworm APT (aka Telebots, aka Seashell Blizzard) is a hacking group that’s believed to be a part of Unit 74455 of the Russian Main Intelligence Directorate (GRU).

The group has mounted repeated attacks against the Ukrainian power grid (in 2016 and in early and late 2022, with Industroyer and CaddyWiper variants), the infamous NotPetya attacks, and has engaged in many cyber espionage campaigns against EU and NATO member states.

This latest attack was thwarted by Poland’s cyber defenders but, according to Tusk, the country’s energy systems will nevertheless have to be beefed up.

Poland’s ruling coalition is working on a new bill that “will introduce more stringent requirements for risk management, protection of IT and OT systems (operational technologies), and incident response,” and Tusk hopes that it will soon be signed into law.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!