The Russian state-sponsored APT named Sandworm was behind the December 2025 cyberattack focusing on Poland’s energy grid, cybersecurity agency ESET stories.
Poland’s power infrastructure, together with two mixed warmth and energy (CHP) crops and a renewable power administration system, was focused by hackers on December 29-30, and Polish officers blamed Russia for the assault.
Stated to have been the most important cyberattack towards Poland in years, the December 2025 incident was thwarted earlier than it might trigger a blackout or compromise crucial infrastructure, the nation’s officers mentioned earlier this month.
The assault occurred 10 years after Sandworm used the BlackEnergy malware in a disruptive assault towards Ukraine’s energy grid, leading to a number of blackouts within the Ivano-Frankivsk area.
Lively since at the very least 2009, the menace actor is believed to be related to Russia’s Basic Employees Major Intelligence Directorate (GRU) army unit 74455.
Also called APT44, BlackEnergy Lite, Seashell Blizzard, Telebots, and Voodoo Bear, Sandworm has develop into infamous for its espionage and knowledge operations, in addition to cyber disruptions.Commercial. Scroll to proceed studying.
In line with ESET, the APT was more than likely behind the December 2025 cyberattack on the Polish energy grid, based mostly on the employed malware and related TTPs.
The cybersecurity agency mentioned that Sandworm deployed a brand new knowledge wiper within the assault, however didn’t trigger disruptions. The supposed impression of the assault has but to be decided.
“We’re not conscious of any profitable disruption occurring on account of this assault,” ESET mentioned.
The malware, dubbed DynoWiper (Win32/KillFiles.NMO), aligns with earlier Sandworm wiper assaults, the cybersecurity agency famous. No technical particulars on the menace have been printed.
Underlining the hyperlink between the Polish assault and the anniversary of Sandworm’s assault on Ukraine’s energy grid, ESET identified that the APT continues to often mount wiper assaults towards Ukrainian targets.
“Quick ahead a decade and Sandworm continues to focus on entities working in varied crucial infrastructure sectors, particularly in Ukraine,” ESET mentioned.
Associated: Russia’s APT28 Focusing on Vitality Analysis, Protection Collaboration Entities
Associated: Professional-Russian Hackers Declare Cyberattack on French Postal Service
Associated: Denmark Blames Russia for Cyberattacks Forward of Elections and on Water Utility
Associated: Amazon: Russian Hackers Now Favor Misconfigurations in Crucial Infrastructure Assaults
