DynoWiper Malware Targets Polish Power

Researchers uncovered a major cyber attack on Poland’s energy system. Russian-linked hackers used new wiper malware called DynoWiper. The attempt happened in late December 2025 but failed to disrupt power.

The Attack Hits Critical Targets

Hackers struck on December 29 and 30, 2025. They aimed at two combined heat and power plants. Additionally, they targeted systems managing renewable energy from wind and solar farms.

Poland’s energy minister called it the strongest attack in years. However, the country’s cyberspace forces detected and stopped it. Therefore, no widespread outages occurred.

Sandworm Group Stands Behind It

Experts link the attack to a known Russian hacking group. This group has a long record of disruptive operations. For example, they hit Ukraine’s power grid exactly ten years earlier in 2015.

In that past incident, malware caused hours-long blackouts for thousands. Now, the same group tried similar tactics in Poland. Consequently, officials point to direct ties with Russian services.

New Wiper Malware in Action

The attackers deployed a fresh wiper tool named DynoWiper. This previously unseen malware erases files on infected systems. ESET researchers spotted overlaps with the group’s earlier wiper attacks.

For instance, the malware shares traits with tools used after the 2022 Ukraine invasion. Therefore, analysts confidently attribute it to the same actors. The wiper was designed to erase data and disrupt operations.

Failed Attempt Shows Strong Defenses

Polish authorities confirmed the attack caused no real damage. The energy minister stressed quick detection saved the grid. Moreover, the government now pushes stronger cybersecurity rules.

These new laws will demand better risk management. They will also require tight protection for IT and control systems. Additionally, they focus on fast incident response.

The group keeps targeting critical infrastructure. In 2025, they used other wipers against Ukrainian targets. For example, one hit a key entity with a new data-destroying tool.

Between June and September 2025, they struck universities, government offices, energy firms, logistics, and agriculture. They deployed multiple wiping variants. Therefore, the pattern shows persistent focus on disruption.

Historical Context Matters

Ten years ago, the group used BlackEnergy malware in Ukraine. That attack left 230,000 people without power for hours. Now, on the anniversary, they tried again in Poland.

Experts note the group’s evolution. They adapt tools while keeping the same goals. Consequently, critical sectors face ongoing risks from such state-linked actors.

Prevention Strategies

Organizations can block these threats with proactive steps. First, deploy advanced endpoint detection to spot unusual file wipes early. Regular backups stored offline help recover quickly if wipers strike.

Moreover, continuous monitoring of network traffic identifies command-and-control activity fast. Conduct frequent security audits of OT and IT systems. These measures reduce the chance of successful disruptive attacks on power infrastructure.
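The "spot unusual file wipes early" step above can be expressed as a simple burst rule over endpoint file telemetry. The following is an added example, not code from the article or from ESET: the event format, host and process names, operation names and thresholds are all constructed assumptions, and it is a generic behavioral heuristic rather than a DynoWiper signature.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Operation names are assumptions about the (constructed) telemetry feed.
DESTRUCTIVE = {"delete", "overwrite", "truncate"}

# Constructed sample events: "<ISO time> <host> <process> <op> <path>"
SAMPLE = [
    "2030-01-01T10:00:00 eng-ws1 logrotate delete /var/log/app/old.1",
    "2030-01-01T10:00:01 eng-ws1 proc_a overwrite /data/hist/a.db",
    "2030-01-01T10:00:02 eng-ws1 proc_a overwrite /data/hist/b.db",
    "2030-01-01T10:00:02 eng-ws1 editor write /home/op/notes.txt",
    "2030-01-01T10:00:03 eng-ws1 proc_a delete /data/cfg/plant.xml",
    "2030-01-01T10:00:04 eng-ws1 proc_a delete /home/op/report.docx",
    "2030-01-01T10:00:05 eng-ws1 proc_a overwrite /data/cfg/site.xml",
    "2030-01-01T10:05:00 eng-ws1 logrotate delete /var/log/app/old.2",
]

def detect_wipe_bursts(lines, window=timedelta(seconds=10), threshold=5, min_dirs=2):
    """Alert once per (host, process) that performs >= threshold destructive
    file operations spanning >= min_dirs directories inside the sliding window."""
    recent = defaultdict(deque)      # (host, process) -> deque of (time, directory)
    alerted, alerts = set(), []
    for line in lines:
        ts_raw, host, proc, op, path = line.split(" ", 4)  # path may contain spaces
        if op not in DESTRUCTIVE:
            continue
        ts = datetime.fromisoformat(ts_raw)
        key = (host, proc)
        q = recent[key]
        q.append((ts, path.rsplit("/", 1)[0]))
        while ts - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        dirs = {d for _, d in q}
        # Spread across directories separates a wipe from routine cleanup in one folder.
        if len(q) >= threshold and len(dirs) >= min_dirs and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "process": proc, "time": ts.isoformat(),
                           "ops": len(q), "dirs": len(dirs)})
    return alerts

if __name__ == "__main__":
    for alert in detect_wipe_bursts(SAMPLE):
        print("possible wiper activity:", alert)
```

Thresholds need tuning against a baseline of legitimate bulk deleters such as backup agents and log rotation on the monitored hosts.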
