Russian Cyberattack Targets Poland’s Power Grid in Winter Strike
In late December, a coordinated cyberattack struck Poland’s power grid, targeting at least 12 and likely closer to 30 distributed energy resource (DER) sites, including combined heat and power (CHP) facilities, wind farms, and solar dispatch systems. The assault, attributed with moderate confidence to the Russian threat group Electrum (a distinct cluster that overlaps with Sandworm/APT44), aimed to disrupt operational technology (OT) systems and to damage critical equipment beyond repair.
Despite the attackers’ efforts, the strike failed to cut power: the roughly 1.2 GW of generation at the targeted sites, about 5% of Poland’s energy supply, stayed online. The incident nevertheless exposed severe weaknesses in decentralized energy infrastructure. Dragos, the OT/ICS security firm that reported the incident, warned that the absence of outages should not downplay the attack’s severity, particularly given its timing in winter, when energy demand peaks. The report stressed that such disruptions could be lethal, noting that attackers deliberately time operations for high-demand periods to maximize civilian harm.
The attackers demonstrated deep technical expertise, compromising remote terminal units (RTUs), edge devices, and Windows-based systems at DER sites. They disabled communications equipment, severing remote monitoring and control: the plants kept generating, but operators could no longer see or control them remotely. Some OT/ICS devices were rendered inoperable, with configurations corrupted beyond recovery, and Windows systems were wiped entirely.
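The detail that matters for defenders in the paragraph above is that generation continued while remote visibility and control were lost, so an alarm keyed on MW output would have stayed silent. A check that does fire in that situation correlates loss of OT telemetry across sites: one RTU going quiet is a routine comms fault, several going quiet within minutes of each other is not. The following is an added example, not code from Dragos or from the article; it assumes a one-line-per-minute heartbeat feed from each site’s RTU or edge gateway, and the site names, timestamps and line format are constructed for illustration.

```python
"""Flag simultaneous loss of OT telemetry across DER sites.

Added example, not code from Dragos or the article above. Assumes a
heartbeat feed in which every DER site's RTU or edge gateway reports
once per minute; site names, timestamps and the line format are
constructed. Generation output is deliberately not an input: in the
Poland incident the plants kept producing.
"""
from datetime import datetime, timedelta

HEARTBEAT_INTERVAL = timedelta(minutes=1)
SILENCE_THRESHOLD = 3 * HEARTBEAT_INTERVAL  # three missed beats = comms lost
CLUSTER_WINDOW = timedelta(minutes=5)       # losses this close count as one event
MIN_SITES = 3                               # fewer than this: treat as a local fault

# Constructed feed: "<ISO-8601 UTC timestamp> <site> heartbeat".
# chp-01 has been silent since the previous day (planned outage); wind-07,
# chp-03 and pv-12 all go quiet after 02:01; pv-19 keeps reporting.
COORDINATED_FEED = """\
2025-12-28T10:00:00Z chp-01 heartbeat
2025-12-29T02:00:00Z wind-07 heartbeat
2025-12-29T02:00:00Z chp-03 heartbeat
2025-12-29T02:00:00Z pv-12 heartbeat
2025-12-29T02:00:00Z pv-19 heartbeat
2025-12-29T02:01:00Z wind-07 heartbeat
2025-12-29T02:01:00Z chp-03 heartbeat
2025-12-29T02:01:00Z pv-12 heartbeat
2025-12-29T02:01:00Z pv-19 heartbeat
2025-12-29T02:02:00Z pv-19 heartbeat
2025-12-29T02:03:00Z pv-19 heartbeat
2025-12-29T02:04:00Z pv-19 heartbeat
"""

# Constructed feed where only wind-07 drops: a local comms fault, not a campaign.
SINGLE_DROP_FEED = """\
2025-12-29T02:00:00Z wind-07 heartbeat
2025-12-29T02:00:00Z chp-03 heartbeat
2025-12-29T02:00:00Z pv-12 heartbeat
2025-12-29T02:04:00Z chp-03 heartbeat
2025-12-29T02:04:00Z pv-12 heartbeat
"""


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def last_heartbeats(feed):
    """Map each site to the timestamp of its most recent heartbeat."""
    last_seen = {}
    for line in feed.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "heartbeat":
            continue  # ignore blank or malformed lines
        ts, site = parse_ts(parts[0]), parts[1]
        if site not in last_seen or ts > last_seen[site]:
            last_seen[site] = ts
    return last_seen


def silent_sites(last_seen, now, threshold=SILENCE_THRESHOLD):
    """Sites whose last heartbeat is older than `threshold` at time `now`."""
    return {site: ts for site, ts in last_seen.items() if now - ts > threshold}


def coordinated_loss(silent, window=CLUSTER_WINDOW, min_sites=MIN_SITES):
    """Largest set of silent sites whose last heartbeats fall within `window`
    of each other. Returns the sorted site names if that set has at least
    `min_sites` members, otherwise an empty list. A site that has been
    down since long before the others (chp-01 above) is excluded by the
    window and so does not inflate the count."""
    ordered = sorted(silent.items(), key=lambda kv: kv[1])
    best = []
    for i, (_, t0) in enumerate(ordered):
        group = [site for site, ts in ordered[i:] if ts - t0 <= window]
        if len(group) > len(best):
            best = group
    return sorted(best) if len(best) >= min_sites else []


def detect(feed, now_str):
    """Run the whole check against a feed at wall-clock time `now_str`."""
    silent = silent_sites(last_heartbeats(feed), parse_ts(now_str))
    return coordinated_loss(silent)


if __name__ == "__main__":
    print(detect(COORDINATED_FEED, "2025-12-29T02:05:00Z"))  # ['chp-03', 'pv-12', 'wind-07']
    print(detect(SINGLE_DROP_FEED, "2025-12-29T02:05:00Z"))  # []
```

The thresholds are the part to tune per fleet: SILENCE_THRESHOLD should be a few multiples of the real polling interval so a single dropped packet does not count as a loss, and MIN_SITES should sit above the number of sites that routinely drop together for benign reasons such as a shared carrier link. Sites whose silence began long before the cluster (chp-01 in the constructed feed) are deliberately left out of the group, so a planned outage does not push an ordinary fault over the alert threshold.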
While the attack’s narrow scope prevented a nationwide blackout, Dragos highlighted the risk of system frequency destabilization, which could trigger cascading failures similar to the 2025 Iberian grid collapse. The incident fits Electrum’s broader campaign, which has previously deployed destructive malware such as DynoWiper, CaddyWiper, and Industroyer2 against Ukrainian and other European energy networks. The group’s expansion into Poland signals an escalating threat to critical infrastructure across the region.
Econergy Renewable Energy Ltd. cybersecurity rating report: https://www.rankiteo.com/company/econergy-renewable-energy-ltd
"id": "ECO1769640092",
"linkid": "econergy-renewable-energy-ltd",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'industry': 'Energy',
'location': 'Poland',
'name': 'Poland’s power grid (DER sites)',
'type': 'Critical Infrastructure'}],
'attack_vector': ['Compromised remote terminal units (RTUs)',
'Edge devices',
'Windows-based systems'],
'date_detected': 'late December',
'description': 'In late December, a coordinated cyberattack struck Poland’s '
'power grid, targeting at least 12 and likely closer to 30 '
'distributed energy resource (DER) sites, including combined '
'heat and power (CHP) facilities, wind farms, and solar '
'dispatch systems. The assault, attributed to the Russian '
'threat group Electrum (overlapping with Sandworm/APT44), '
'aimed to disrupt operational technology (OT) systems, '
'damaging critical equipment beyond repair. Despite the '
'attackers’ efforts, the strike failed to cut power, '
'preserving 1.2 GW or 5% of Poland’s energy supply. The '
'incident exposed severe vulnerabilities in decentralized '
'energy infrastructure, with potential lethal consequences '
'during winter peak demand.',
'impact': {'operational_impact': 'Disabled communications equipment, severed '
'remote monitoring and control, some OT/ICS '
'devices rendered inoperable, Windows '
'systems wiped entirely',
'systems_affected': ['Remote terminal units (RTUs)',
'Edge devices',
'Windows-based systems',
'OT/ICS devices']},
'lessons_learned': 'The attack highlighted severe vulnerabilities in '
'decentralized energy infrastructure and the potential for '
'cascading failures during high-impact periods. The '
'absence of outages should not downplay the severity of '
'such attacks.',
'motivation': 'Disruption of critical infrastructure, potential civilian harm '
'during high-impact periods',
'post_incident_analysis': {'root_causes': 'Deep technical expertise in '
'compromising OT/ICS systems, '
'exploitation of vulnerabilities in '
'decentralized energy '
'infrastructure'},
'references': [{'source': 'Dragos'}],
'response': {'third_party_assistance': 'Dragos (OT/ICS security firm)'},
'threat_actor': 'Electrum (overlapping with Sandworm/APT44)',
'title': 'Russian Cyberattack Targets Poland’s Power Grid in Winter Strike',
'type': 'Cyberattack on Critical Infrastructure',
'vulnerability_exploited': 'Vulnerabilities in decentralized energy '
'infrastructure and OT/ICS systems'}