- ESET Links December 2025 Poland Energy Cyber Attack to Sandworm
- DynoWiper malware attempted to disrupt it, but was stopped before causing significant damage
- The attack echoes the Sandworm blackout in Ukraine in 2015; Poland faces growing cyber and sabotage threats from Russia
The devastating December 2025 cyberattack on Poland’s energy system was likely the work of Sandworm, an infamous Russian state-sponsored threat actor, according to experts.
“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm cleanup activities we analyzed,” ESET researchers said in a new report.
“We are not aware of any successful disruptions occurring as a result of this attack,” the researchers added, saying they attributed the attack to the Russians with “medium confidence.”
‘Celebrating’ anniversaries
In late 2025, Poland’s power system faced “the biggest cyberattack in years,” when threat actors deployed DynoWiper, malware that simply deletes all data it finds. Somehow, it was stopped before it could cause any significant damage.
At the time, the country’s energy minister, Milosz Motyka, told reporters that the failed attack sought to disrupt communication between renewable facilities and power distribution operators, PakGazette reported.
“The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on the energy infrastructure in years,” Motyka said.
ESET also highlighted the symbolism of the attack, as exactly 10 years ago, Sandworm launched its first attack on Ukraine’s power grid, causing a blackout that lasted a couple of hours. Back then, Sandworm used BlackEnergy malware to access critical systems at several electrical substations and managed to leave around 230,000 people without power.
Since the Russian invasion of neighboring Ukraine, other countries in the region, including Poland, have been subject to a growing number of cyberattacks. Polish critical infrastructure was not spared, forcing the country’s military to intervene and help the country’s power grid operator protect critical transformer stations.
In September 2025, Poland suffered a major railway explosion, which was also attributed to Russian sabotage. Warsaw described it as Russian “state terrorism”, while Moscow denied any involvement.




