A failed attempt in December to disconnect parts of Poland’s energy grid was linked to hackers from the Russian government, known for previous cyberattacks on the energy sector, according to a cybersecurity research firm that investigated the incident.
According to Energy Minister Miłosz Motyka, the attack on December 29 and 30 targeted two thermal power plants and also aimed to disrupt the link between renewable energy facilities, notably wind turbines, and electricity distribution operators.
Motyka called the incident “the strongest attack” on Poland’s energy infrastructure in years, and the Polish government blames Moscow. According to local media, the attacks could have left at least half a million households across the country without heat and electricity.
On Friday, the cybersecurity firm ESET said it had obtained a copy of the destructive malware DynoWiper. Such “wiper” samples are designed to irreversibly destroy data on computers and take systems out of operation.
ESET attributed this sample to the Sandworm hacker group, a unit of the Russian military intelligence GRU, with “moderate confidence,” based on a “strong overlap” with previous research into Sandworm’s past malware, including the use of destructive malware against Ukraine’s energy sector.
Independent journalist Kim Zetter first reported the news. She emphasized that the cyberattacks against Poland came almost ten years after the first known Sandworm cyberattack on Ukraine’s energy sector in 2015, which caused power outages for more than 230,000 households in Kyiv. A similar attack affected Ukraine’s energy systems again about a year later.
Following this incident, Polish Prime Minister Donald Tusk said that the country’s cybersecurity had worked, and “at no moment was critical infrastructure at risk.”
