Researchers Link December Cyberattacks on Polish Energy Systems to Russian Military Intelligence Hackers
Cybersecurity researchers say a notorious Russian military intelligence hacking unit was likely behind a series of cyberattacks that targeted Poland’s energy infrastructure in late December, marking one of the most serious attempted intrusions against the country’s power system in years.
Analysts from ESET, based in Slovakia, said their investigation points to the hacking group widely known as Sandworm, a unit long associated with destructive cyber operations attributed to Russian military intelligence. In a blog post published on Friday, the researchers said their assessment was based on malware analysis, code similarities, and operational patterns that closely match Sandworm’s previous attacks.
According to ESET, the attackers attempted to deploy a piece of malware known as DynoWiper. The tool is designed to destroy files on infected systems and render them unusable, a tactic consistent with Sandworm’s history of destructive rather than purely espionage-focused cyber activity.
Despite the scale and sophistication of the attempted attack, researchers said there is no evidence that it caused any actual disruption to Poland’s power supply. That assessment aligns with comments made earlier this month by Polish Prime Minister Donald Tusk, who said the attacks were unsuccessful.
Poland’s energy minister, Miłosz Motyka, told reporters on January 13 that the attempted intrusion during the final week of December was the strongest cyberattack on the country’s energy infrastructure in years, underscoring the growing threat posed by state-linked hackers to critical national systems.
Sandworm has been linked by the United States and the United Kingdom to a series of high-profile cyberattacks over more than a decade, including operations against Ukraine’s energy sector. ESET researchers noted that the attempted attack on Poland coincided with the tenth anniversary of a Sandworm-attributed cyber operation against Ukraine’s power grid, an incident widely recognised as the first malware-driven blackout in history.
The Russian Embassy in Washington did not immediately respond to requests for comment regarding the findings.
Cybersecurity experts say the incident highlights the continued risk facing European energy infrastructure amid heightened geopolitical tensions. While the Polish systems appear to have withstood the attempted attack, researchers warn that the use of destructive malware demonstrates an ongoing willingness by state-linked actors to target civilian infrastructure through cyberspace.
