Russian Hackers’ Attempted Cyberattack on Poland’s Energy Grid Thwarted
In late December 2025, Poland’s energy infrastructure faced a significant cyberattack attempt, which authorities have attributed to Russian government-backed hackers. The incident, occurring on December 29 and 30, targeted two combined heat and power plants and aimed to disrupt communication channels between renewable energy installations, such as wind turbines, and power distribution operators.
Polish Energy Minister Milosz Motyka described this as the most severe assault on the nation’s energy systems in recent years. The Polish government has directly accused Moscow of orchestrating the attack, with local media reporting that, had the attack succeeded, it could have deprived over 500,000 households across the country of heat and electricity.
Cybersecurity firm ESET conducted an in-depth analysis of the incident and identified a destructive malware named DynoWiper used in the attack. This type of malware, known as wiper malware, is designed to irreversibly erase data on infected systems, rendering them inoperable. ESET has attributed the malware with medium confidence to the hacking group known as Sandworm, a unit within Russia’s military intelligence agency, the GRU. This assessment is based on significant overlaps with Sandworm’s previous activities, including their deployment of similar destructive malware targeting Ukraine’s energy sector.
The timing of this attack is particularly notable, occurring nearly a decade after Sandworm’s first known cyberattack on Ukraine’s energy infrastructure in 2015. That attack resulted in power outages affecting more than 230,000 homes around Kyiv. A subsequent attack in 2016 further disrupted Ukraine’s energy systems, underscoring a pattern of targeting critical infrastructure.
In response to the recent attempted cyberattack, Poland’s Prime Minister Donald Tusk assured the public that the nation’s cybersecurity defenses were effective, stating that at no point was critical infrastructure threatened. This incident highlights the ongoing cyber threats faced by nations and the importance of robust cybersecurity measures to protect essential services.