- ESET links December 2025 Poland energy cyber attack to Sandworm
- The DynoWiper malware attempted to cause disruption, but was stopped before it could do significant damage
- Attack echoes Sandworm's 2015 Ukraine blackout; Poland faces increasing Russian cyber and sabotage threats
The devastating December 2025 cyber attack on Poland’s energy system was most likely the work of Sandworm, a notorious Russian state-sponsored threat actor, experts have said.
“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with several previous Sandworm wiper activities we analyzed,” ESET researchers said in a new report.
“We are not aware of any successful disruption occurring as a result of this attack,” the researchers added, saying they attributed the attack to the Russians with “medium confidence.”
‘Celebrating’ anniversaries
In late 2025, Poland’s power system faced “the biggest cyber attack in years” when threat actors deployed DynoWiper, a piece of malware that simply deletes all the data it finds. Somehow it was stopped before it could do any meaningful damage.
At the time, the country’s energy minister, Milosz Motyka, told reporters that the failed attack sought to disrupt communications between renewable energy plants and electricity distribution operators, Pakinomist reported.
“The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on the energy infrastructure in years,” Motyka was quoted as saying.
ESET also emphasized the symbolism of the attack, as exactly 10 years ago Sandworm launched its first-ever attack on the Ukrainian power grid, resulting in a blackout lasting a few hours. Back then, Sandworm used the BlackEnergy malware to gain access to critical systems at several electrical substations and managed to leave around 230,000 people without electricity.
Ever since the Russian invasion of neighboring Ukraine, other countries in the region, including Poland, have faced an increasing number of cyber attacks. Polish critical infrastructure was not spared, forcing the country’s military to step in and help the country’s power grid operator protect critical substations.
In September 2025, Poland also experienced a major railway explosion, which was also attributed to Russian sabotage. Warsaw described it as “Russian ‘state terrorism’”, while Moscow denied any involvement.



