Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.
In late December, Poland's energy infrastructure faced a cyber threat when wiper malware was deployed against its electric grid. The attack, which occurred during the last week of the month, sought to sever communications between renewable energy installations and power distribution operators. However, it failed to cause any disruptions to electricity supply, for reasons that remain unclear.
ESET, a cybersecurity firm, analyzed the malware and identified it as DynoWiper, a destructive tool designed to permanently erase code and data on servers. The researchers attributed the operation to the Russia-aligned Sandworm advanced persistent threat (APT) group with medium confidence, citing overlaps in tactics, techniques, and procedures with prior Sandworm activities. "Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed," the firm stated. ESET emphasized that no successful disruptions resulted from this incident.
Sandworm has a track record of deploying wipers in geopolitical conflicts. Notably, on December 23, 2015—exactly 10 years before this attack—the group used BlackEnergy malware to black out power for about 230,000 Ukrainians for six hours during winter. More recently, in 2022, Sandworm's AcidRain wiper targeted 270,000 satellite modems in Ukraine, marking the seventh such tool used since Russia's invasion. The group also hit Ukrainian universities and critical infrastructure with multiple wipers last year. The 2017 NotPetya worm, another Sandworm creation, spread globally despite targeting Ukraine, causing an estimated $10 billion in damages.
Speculation surrounds DynoWiper's failure: it might have been a deliberate show of force to avoid escalating tensions with Poland's NATO allies, or robust cyber defenses could have neutralized it. This event underscores ongoing hybrid threats to European energy systems amid regional tensions.
