
"Poland's energy infrastructure, including two combined heat and power (CHP) plants and a renewable energy management system, was targeted by hackers on December 29-30, and Polish officials blamed Russia for the assault. Said to have been the largest cyberattack against Poland in years, the December 2025 incident was thwarted before it could cause a blackout or compromise critical infrastructure, the country's officials said earlier this month."
"The attack occurred 10 years after Sandworm used the BlackEnergy malware in a disruptive attack against Ukraine's power grid, resulting in multiple blackouts in the Ivano-Frankivsk region. Active since at least 2009, the threat actor is believed to be associated with Russia's General Staff Main Intelligence Directorate (GRU) military unit 74455. Also known as APT44, BlackEnergy Lite, Seashell Blizzard, Telebots, and Voodoo Bear, Sandworm has become notorious for its espionage and information operations, as well as cyber disruptions."
ESET attributes the December 29-30, 2025 assault on Poland's energy infrastructure to the Russia-linked Sandworm APT based on malware and TTP overlaps. Targets included two combined heat and power (CHP) plants and a renewable energy management system. Sandworm deployed a new data wiper named DynoWiper (Win32/KillFiles.NMO), but no successful disruptions or blackouts were observed. The intended impact of the assault remains undetermined. The incident coincided with the tenth anniversary of Sandworm's BlackEnergy attack on Ukraine. Sandworm has been active since at least 2009 and is linked to GRU unit 74455 under several aliases.
Read at SecurityWeek