Poland Thwarts Russian Sandworm Wiper Attack on Power Plants

Source: Hackread

Poland has narrowly avoided a catastrophic energy crisis following what officials are calling the largest cyberattack on the country in years. Between December 29-30, 2025, Russian hackers attempted to infiltrate the nation’s energy infrastructure, targeting combined heat and power (CHP) plants and renewable energy management systems.

Sandworm Strikes Again

Cybersecurity researchers at ESET have attributed the attack to Sandworm (also known as APT44 and Seashell Blizzard), a notorious threat actor linked to Russia’s GRU military intelligence service operating under Unit 74455. The group deployed a new strain of wiper malware dubbed DynoWiper, designed to permanently destroy data and render systems inoperable.

Prime Minister Donald Tusk confirmed that Poland’s security measures held firm, preventing any disruption to power supply. However, officials warn that a successful attack could have left up to 500,000 people without power or heat in the middle of winter.

A Decade of Power Grid Attacks

The timing of this attack is significant, occurring exactly ten years after Sandworm executed the first-ever successful cyberattack on a power grid in Ukraine in December 2015. In that historic incident, the group used BlackEnergy malware to leave 230,000 people without electricity.

Throughout 2025, Sandworm remained highly active, regularly targeting Ukrainian water and heating facilities with wiper variants such as Zerolot and Sting. By expanding operations to Poland, the group demonstrates its willingness to target NATO members beyond the immediate conflict zone.

Key Takeaways for Critical Infrastructure Operators

  • Network Segmentation: Isolate operational technology (OT) networks from IT systems to limit lateral movement
  • Incident Response Planning: Develop and regularly test response procedures for destructive malware scenarios
  • Threat Intelligence Sharing: Participate in sector-specific ISACs to receive early warnings about emerging threats
  • Backup and Recovery: Maintain offline backups of critical systems and test restoration procedures
  • 24/7 Monitoring: Implement continuous monitoring with a focus on anomalous behavior in industrial control systems

Looking Forward

In response to this attack, Poland is fast-tracking the National Cybersecurity System Act, which will mandate higher security standards for energy providers. As geopolitical tensions continue, critical infrastructure operators across Europe and beyond should remain vigilant against state-sponsored cyber threats targeting essential services.