A Russian military intelligence-linked hacking unit was likely behind major cyberattacks targeting Poland’s power system in late December, according to cybersecurity researchers. Analysts at ESET said the attack showed strong links to the group widely known as Sandworm, citing similarities in tactics and overlapping malware code with past destructive operations attributed to the unit.

The attackers attempted to deploy a data-wiping malware strain known as DynoWiper, designed to destroy files and render affected systems inoperable. Researchers said there was no evidence the attack caused actual disruptions, supporting statements by Polish Prime Minister Donald Tusk that the effort failed. Poland’s energy minister described it as the most serious cyberattack on the country’s energy infrastructure in years.

Sandworm has previously been blamed by Western governments for high-profile cyber operations, including a 2015 attack on Ukraine’s power grid. Researchers noted the Poland incident occurred on the anniversary of that landmark blackout, underscoring ongoing cyber risks to critical infrastructure.