Poland is grappling with a significant increase in cyberattacks, recording 2.5 times more incidents in 2025 compared to the previous year, a government official revealed on Tuesday. This surge includes a notable breach in the nation’s energy infrastructure, suspected to have Russian origins, marking an unprecedented incident among NATO and EU countries.
Rising Threats in Cyberspace
Deputy Minister of Digital Affairs, Paweł Olszewski, disclosed that Poland faced a staggering 270,000 cyber incidents over the past year. He emphasized the ongoing battle in cyberspace, citing a consistent rise in the frequency and intensity of these attacks. The government, led by Prime Minister Donald Tusk, has been strengthening its cybersecurity measures since Russia’s invasion of Ukraine in 2022, anticipating increased threats.
Energy Sector Under Siege
On December 29, coordinated cyberattacks targeted a heat and power plant supplying heat to nearly 500,000 residents, along with numerous wind and solar farms. While power supply remained unaffected, the incident raised alarm among Polish authorities. CERT Polska, the national Computer Emergency Response Team, released a public report in January, seeking community input on the attack’s specifics.
Marcin Dudek, head of CERT Polska, highlighted the uniqueness of the attack, which deviated from typical financially driven ransomware incidents. He noted the destructive intent behind the attack, a rarity in Poland’s cyber history, especially within the energy sector.
Suspected Russian Involvement
Analysis of the cyberattack revealed connections to a Russian threat group known as Dragonfly, which has historically targeted energy sectors but not in a destructive manner. The FBI identified this group as linked to Russia’s FSB. ESET, an EU cybersecurity firm, suggests the attack could also involve Sandworm, a group associated with destructive operations in Ukraine and linked to Russia’s GRU.
Anton Cherepanov of ESET confirmed that techniques used in the Polish attack are characteristic of Sandworm’s data-wiping malware. While the specific Russian group remains unconfirmed, the evidence points towards Russian involvement. The Russian Embassy in Warsaw did not comment on these allegations.
As Poland fortifies its cyber defenses, the incident underscores the escalating cyber threats facing nations worldwide, highlighting the need for robust international cybersecurity collaboration.
