Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities
Briefly

"Poland's computer emergency response team (CERT) has published a report detailing the recent attack by Russia-linked hackers on the country's power grid. The attack targeted communication and control systems at roughly 30 sites, including combined heat and power (CHP) plants and renewable energy dispatch centers for wind and solar facilities. The hackers gained access to industrial control systems (ICS), but primarily targeted grid safety and stability monitoring systems rather than active power generation systems."
"The CERT reported that each of the targeted facilities had Fortinet FortiGate devices exposed to the internet, using default credentials and lacking multi-factor authentication. These Fortinet appliances, which served as both firewalls and VPN interfaces, represented the initial attack vector. The hackers initiated disruptive and destructive actions on December 29, with some of the activity partially automated."
Russia-linked hackers gained access to industrial control systems and targeted communication, control, and grid safety monitoring systems at about 30 Polish energy sites, including CHP plants and renewable dispatch centers. The attack began as early as March 2025 with reconnaissance, unauthorized data access, and credential harvesting through July, and escalated to disruptive and destructive actions on December 29, some of which were partially automated. Attackers exploited internet-exposed Fortinet FortiGate devices using default credentials and no multi-factor authentication as the initial vector. Some ICS devices were permanently damaged, but no electrical outages occurred and analyses indicated system stability would not have been affected.
Read at SecurityWeek