In late December 2025, Poland's energy infrastructure faced a significant cyberattack, marking the largest such incident in years. Cybersecurity firm ESET analyzed the attack and attributed it to the Russian state-sponsored group Sandworm, based on the deployment of a new wiper malware named DynoWiper. (welivesecurity.com)
The attack targeted two combined heat and power plants and aimed to disrupt communication between renewable energy installations, such as wind turbines and photovoltaic farms, and power distribution operators. Polish Energy Minister Milosz Motyka described the incident as the "strongest attack" on the nation's energy infrastructure in years. (techcrunch.com)
ESET researchers noted that the attack occurred on the 10th anniversary of Sandworm's first known cyberattack on Ukraine's power grid in 2015, which resulted in a blackout affecting approximately 230,000 people. (welivesecurity.com)
Despite the scale of the attempted disruption, Polish authorities confirmed that defensive measures successfully prevented any compromise of critical infrastructure. No power disruptions or physical damage to equipment occurred during or after the attack window. (csidb.net)
The use of DynoWiper malware in this attack underscores the persistent threat posed by state-sponsored cyber actors targeting critical infrastructure. ESET's analysis highlights the need for continued vigilance and robust cybersecurity measures to protect against such sophisticated threats.