- ESET links December 2025 energy cyberattack in Poland to Sandworm
- DynoWiper malware attempted disruption but was stopped before causing significant damage
- The attack echoes the Sandworm blackout in Ukraine in 2015; Poland faces growing threats from Russian cybercrime and sabotage
The devastating December 2025 cyberattack on Poland’s energy system was most likely the work of Sandworm, an infamous Russian state-sponsored threat actor, experts said.
“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to strong overlap with many previous Sandworm wipe activities we analyzed,” ESET researchers said in a new report.
“We are not aware of any successful disruptions resulting from this attack,” the researchers added, saying they attributed the attack to the Russians with “medium confidence.”
“Celebrate” birthdays
In late 2025, Poland’s electricity system faced “the biggest cyberattack in years,” when malicious actors deployed DynoWiper, malware that deletes any data it finds. The attack was stopped before it could cause significant harm.
At the time, the country’s energy minister, Milosz Motyka, told reporters that the failed attack was aimed at disrupting communication between renewable installations and electricity distribution operators, PK Press Club reported.
“The Cyberspace Forces Command diagnosed in the last days of the year the most violent attack on energy infrastructure in years,” Motyka said.
ESET also highlighted the symbolism of the attack, since exactly 10 years ago Sandworm launched its first-ever attack on Ukraine’s power grid, which resulted in a power outage that lasted for a few hours. At the time, Sandworm used BlackEnergy malware to access critical systems at several electrical substations and managed to leave around 230,000 people without power.
Since Russia’s invasion of neighboring Ukraine, other countries in the region, including Poland, have suffered an increasing number of cyberattacks. Poland’s critical infrastructure was not spared, forcing the country’s military to step in and help the national power grid operator protect critical transformer stations.
In September 2025, Poland also experienced a major railway explosion, which was likewise attributed to Russian sabotage. Warsaw called it “Russian state terrorism,” while Moscow denied any involvement.




