Russian Cyberattack Targets Poland’s Distributed Energy Grid, Disrupts Critical Systems
In late December, a coordinated cyberattack attributed to Russia’s Sandworm hacking group targeted Poland’s power grid, compromising control and communications systems at approximately 30 distributed energy facilities. While Polish officials confirmed the attack was thwarted before causing a blackout potentially affecting up to half a million residents, new findings from cybersecurity firm Dragos reveal the incident had a measurable impact on operational technology (OT) systems.
The attack focused on combined heat and power plants, as well as renewable energy dispatch systems for wind and solar sites. Though the national transmission grid remained unaffected and power supplies stayed intact, adversaries disabled critical equipment beyond repair, severing remote monitoring and control capabilities. Dragos noted that while the hackers gained access to systems essential for grid operations, it remains unclear whether they attempted to issue operational commands or solely disrupted communications.
Unlike past attacks on centralized infrastructure, this incident highlights the growing threat to distributed energy systems, which are often less protected due to their reliance on remote connectivity. Dragos emphasized that such attacks require deep knowledge of system implementations, underscoring the sophistication of the operation.
The attack aligns with earlier reports from ESET, which identified Sandworm’s use of the data-wiping malware DynoWiper. Sandworm, linked to Russia’s military intelligence agency (GRU), has a history of high-profile destructive cyberattacks, including previous strikes on Ukraine’s power grid. This incident marks another escalation in Russia’s cyber warfare tactics targeting critical infrastructure.
Source: https://therecord.media/poland-electrical-grid-cyberattack-30-facilities-affected
SolarDefend cybersecurity rating report: https://www.rankiteo.com/company/solardefend
"id": "SOL1769611292",
"linkid": "solardefend",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': 'Up to 500,000 residents '
'(potential blackout impact)',
'industry': 'Energy/Utilities',
'location': 'Poland',
'name': 'Poland’s distributed energy facilities',
'type': 'Energy grid operators'}],
'attack_vector': 'Data-wiping malware (DynoWiper)',
'date_detected': '2023-12',
'description': 'In late December, a coordinated cyberattack attributed to '
'Russia’s Sandworm hacking group targeted Poland’s power grid, '
'compromising control and communications systems at '
'approximately 30 distributed energy facilities. The attack '
'was thwarted before causing a blackout but had a measurable '
'impact on operational technology (OT) systems, disabling '
'critical equipment beyond repair and severing remote '
'monitoring and control capabilities.',
'impact': {'operational_impact': 'Disabled critical equipment beyond repair, '
'severed remote monitoring and control '
'capabilities',
'systems_affected': 'Control and communications systems at '
'distributed energy facilities'},
'lessons_learned': 'Growing threat to distributed energy systems due to '
'reliance on remote connectivity; attacks require deep '
'knowledge of system implementations.',
'motivation': 'Disruption of critical infrastructure, cyber warfare',
'post_incident_analysis': {'root_causes': 'Sophisticated cyberattack by '
'state-sponsored threat actor '
'(Sandworm); exploitation of remote '
'connectivity in distributed energy '
'systems'},
'references': [{'source': 'Dragos'}, {'source': 'ESET'}],
'response': {'third_party_assistance': 'Dragos (cybersecurity firm)'},
'threat_actor': 'Sandworm (GRU-linked)',
'title': 'Russian Cyberattack Targets Poland’s Distributed Energy Grid, '
'Disrupts Critical Systems',
'type': 'Cyberattack on Critical Infrastructure'}