Russia’s Sandworm Unit Targets Poland’s Power Grid in Failed Cyberattack
In a brazen escalation of cyber warfare, Russia’s elite Sandworm hacking unit, linked to the GRU, attempted to disrupt Poland’s energy infrastructure in late December. Security firm ESET uncovered destructive DynoWiper malware deployed against two Polish power plants and wind turbine networks on December 29–30, an attack that could have left 500,000 households without heat and electricity during winter.
The assault targeted critical facilities and communication links between renewable energy installations and grid operators, aiming to cripple operations. While the attack failed, Polish Energy Minister Milosz Motyka confirmed it as the most severe cyber threat to the nation’s energy sector in years. Unlike ransomware, DynoWiper is designed for pure destruction, erasing data and rendering systems inoperable.
ESET attributed the malware to Sandworm with "medium confidence", citing strong similarities to the group’s past operations, including the infamous 2015–2016 Ukraine blackouts. The incident underscores Russia’s continued use of cyber warfare to destabilize regional infrastructure, even as its tactics evolve.
Source: https://www.techbuzz.ai/articles/russian-hackers-hit-poland-s-grid-with-wiper-malware
EDP cybersecurity rating report: https://www.rankiteo.com/company/edp
{
  "id": "EDP1769207360",
  "linkid": "edp",
  "type": "Cyber Attack",
  "date": "6/2015",
  "severity": "100",
  "impact": "7",
  "explanation": "Attack that could injure or kill people"
}
{'affected_entities': [{'customers_affected': '500,000 households',
                        'industry': 'Energy',
                        'location': 'Poland',
                        'name': 'Polish power plants and wind turbine networks',
                        'type': 'Energy Infrastructure'}],
 'attack_vector': 'Malware (DynoWiper)',
 'data_breach': {'data_encryption': 'Data erasure (DynoWiper)'},
 'date_detected': '2023-12-29',
 'description': 'Russia’s elite Sandworm hacking unit linked to the GRU '
                'attempted to disrupt Poland’s energy infrastructure in late '
                'December. Security firm ESET uncovered destructive DynoWiper '
                'malware deployed against two Polish power plants and wind '
                'turbine networks on December 29–30, an attack that could have '
                'left 500,000 households without heat and electricity during '
                'winter. The assault targeted critical facilities and '
                'communication links between renewable energy installations '
                'and grid operators, aiming to cripple operations. While the '
                'attack failed, Polish Energy Minister Milosz Motyka confirmed '
                'it as the most severe cyber threat to the nation’s energy '
                'sector in years. Unlike ransomware, DynoWiper is designed for '
                'pure destruction, erasing data and rendering systems '
                'inoperable.',
 'impact': {'operational_impact': "Potential disruption to 500,000 households' "
                                  'heat and electricity',
            'systems_affected': 'Power plants, wind turbine networks, '
                                'communication links'},
 'motivation': 'Destabilization, Cyber Warfare',
 'references': [{'source': 'ESET'}],
 'response': {'third_party_assistance': 'ESET'},
 'threat_actor': 'Sandworm (GRU-linked)',
 'title': 'Russia’s Sandworm Unit Targets Poland’s Power Grid in Failed '
          'Cyberattack',
 'type': 'Cyberattack'}