
Reveals: Russia’s Sandworm Targets Polish Power Grid

At a Glance

  • Russia’s Sandworm unit hit two Polish heat-and-power plants with wiper malware on December 29 and 30.
  • ESET recovered the wiper, which it calls DynoWiper, and attributed it to the GRU’s Sandworm unit with medium confidence.
  • Local media warned the attack could cut heat and power for half a million homes.

Why it matters: A destructive cyber-attack on a national grid shows how a state actor can threaten essential services directly, not just the IT networks around them.

Poland’s energy infrastructure was the target of a late-December cyber-attack that, according to cybersecurity firm ESET, was carried out by Russia’s military-intelligence hacking group Sandworm. The incident focused on two heat-and-power plants and sought to disrupt communication links between wind turbines and power distribution operators, risking outages for hundreds of thousands of households. Polish officials said the government’s defenses held, but the event underscored the growing threat of state-backed cyber-attacks on critical infrastructure.

Attack Overview

The attack took place on December 29 and 30. Polish Energy Minister Milosz Motyka, who described it as the ‘strongest attack’ on Poland’s energy infrastructure in years, told reporters that the hackers targeted two heat-and-power plants and also tried to disrupt the communication links between renewable installations, such as wind turbines, and the power distribution operators that dispatch them.

  • Targeted assets: two heat-and-power plants, plus the communication links between wind turbines and distribution operators.
  • Goal: sabotage the plants and sever coordination between renewable installations and the grid.
  • Timing: two consecutive days, December 29 and 30.

Malware Details

ESET recovered a copy of the malware, which it calls DynoWiper. It is a wiper: code written to irreversibly destroy data on the machines it infects rather than to steal it or hold it for ransom. A wiped system typically cannot be used again until it is rebuilt from clean media and from backups the wiper could not reach. ESET attributed the malware to Sandworm with medium confidence, citing strong overlap with its prior research on the group.


  • DynoWiper: destructive wiper malware.
  • Purpose: data destruction that leaves the infected systems inoperable.
  • Attribution: Sandworm (GRU), medium confidence.

What DynoWiper Does

The points below describe the behaviour of wiper malware as a class, which is how ESET categorises DynoWiper:

  • Overwrites files on the infected host so the data cannot be recovered.
  • Destroys any backups or recovery points it can reach; only offline or immutable copies survive.
  • Takes host-side logs and other forensic artifacts with it, which hampers investigation but does not erase the attacker’s presence: network telemetry, off-host log copies and recovered samples (as ESET obtained here) still support attribution.

Attribution and Historical Context

The Sandworm unit operates under Russia’s military intelligence agency, the GRU. The group has a history of targeting energy sectors, notably in Ukraine in December 2015, when attacks on three distribution utilities cut power to more than 230,000 customers in western Ukraine and the Kyiv region, and again in December 2016, when a Kyiv transmission substation was knocked offline. The Polish incident comes almost exactly a decade after the first of those attacks, the first known Sandworm operation against Ukraine’s energy infrastructure.

Year | Target | Impact
2015 | Ukraine energy sector (three distribution utilities) | >230,000 customers lost power for hours
2016 | Ukraine energy sector (Kyiv transmission substation) | Part of Kyiv lost power for about an hour
2025 | Poland energy sector (two heat-and-power plants, wind-farm links) | Attempt blocked; local media said up to half a million homes were at risk

Independent journalist Kim Zetter first reported the news.

Polish Government Response

Polish Prime Minister Donald Tusk stated that the country’s cybersecurity defenses functioned as intended and that ‘at no point was critical infrastructure threatened.’ The government officially blamed Moscow for the attempted attack, labeling it the strongest in recent history.

Media and Public Reaction

Local media reported that the attack could have knocked out heat and power for at least half a million homes. The incident drew attention to the vulnerability of renewable energy communication networks and the need for robust cyber defenses.

Heat and Power Plants

Heat and power plants produce both thermal energy for heating and electrical power for distribution. They are critical for residential, commercial, and industrial customers. Their loss would directly affect heating and electricity supply.

  • Provide heating to homes and businesses.
  • Generate electricity for the national grid.
  • Operate continuously to meet demand.

Wind Turbines and Communication Links

Wind turbines convert wind energy into electrical power. Communication links enable coordination between turbines and grid operators. Disruption of these links can hinder renewable energy integration.

  • Convert wind into electricity.
  • Require data exchange for optimal performance.
  • Connect to the broader power grid.

The GRU and Sandworm

The GRU is Russia’s military intelligence agency. Sandworm is a unit within the GRU that conducts cyber operations. The unit has a history of targeting critical infrastructure worldwide.

  • Military intelligence agency of Russia.
  • Operates covert cyber units.
  • Known for destructive malware campaigns.

Wiper Malware Explained

Wiper malware is designed to irreversibly destroy data on infected systems. It defeats recovery by overwriting files in place and deleting any backups or recovery points it can reach, so that restoring the host means rebuilding it. Such malware is used to cripple a target organisation rather than to profit from it.

  • Overwrites critical files.
  • Erases unprotected backups and recovery points.
  • Destroys host-side logs and forensic artifacts along with the data, which is one reason logs should be forwarded off-host in real time.
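The two lists above (‘What DynoWiper Does’ and this one) describe wiper behaviour in terms of what it destroys. From the defender’s side the practical question is what that looks like in telemetry in the seconds before the host is gone. The Python below is an added example, not code from this article or from ESET’s DynoWiper analysis: it runs two generic wiper heuristics over constructed endpoint log lines, a match on commands that delete shadow copies, backup catalogs or recovery settings, and a burst of writes to many distinct files by one process inside a short window. The log format, host names, thresholds and command patterns are all assumptions made for the example; none of them are DynoWiper indicators published on this page.

```python
"""Heuristics for wiper-like activity in endpoint telemetry.

Added example for this article, not code from the page or from ESET's
DynoWiper analysis. Log lines are constructed; patterns and thresholds
are generic wiper indicators, not published DynoWiper IOCs.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Commands that remove recovery points or disable recovery. These are
# generic indicators seen across many wiper and ransomware families.
DESTRUCTIVE_CMD_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"bcdedit(\.exe)?\s.*recoveryenabled\s+no", re.I),
]

BURST_WINDOW = timedelta(seconds=10)  # assumed sliding window
BURST_THRESHOLD = 20                  # assumed: distinct files per process in window


def parse_event(line):
    """Parse 'iso_ts|host|pid|process|action|target' (assumed log format)."""
    ts, host, pid, proc, action, target = line.rstrip("\n").split("|", 5)
    return {"ts": datetime.fromisoformat(ts), "host": host, "pid": int(pid),
            "process": proc, "action": action, "target": target}


def detect(lines):
    """Return a list of findings; each is a tuple starting with its type."""
    findings = []
    recent = defaultdict(deque)  # (host, pid) -> deque of (ts, path)
    burst_seen = set()
    for line in lines:
        ev = parse_event(line)
        key = (ev["host"], ev["pid"])
        if ev["action"] == "process_start":
            # For process_start events the target field holds the command line.
            if any(p.search(ev["target"]) for p in DESTRUCTIVE_CMD_PATTERNS):
                findings.append(("recovery_destruction", ev["host"],
                                 ev["pid"], ev["target"]))
        elif ev["action"] in ("file_write", "file_delete"):
            dq = recent[key]
            dq.append((ev["ts"], ev["target"]))
            # Drop entries older than the window, then count distinct paths.
            while dq and ev["ts"] - dq[0][0] > BURST_WINDOW:
                dq.popleft()
            distinct = {path for _, path in dq}
            if len(distinct) >= BURST_THRESHOLD and key not in burst_seen:
                burst_seen.add(key)  # report each process once
                findings.append(("mass_overwrite", ev["host"], ev["pid"],
                                 ev["process"], len(distinct)))
    return findings


def sample_events():
    """Constructed telemetry: one benign write, one shadow-copy deletion,
    then one process overwriting 25 historian files in under five seconds."""
    base = datetime(2025, 12, 29, 23, 41, 0)
    lines = [
        f"{base.isoformat()}|hmi-01|1204|explorer.exe|file_write|C:\\Users\\op\\notes.txt",
        f"{(base + timedelta(seconds=2)).isoformat()}|hmi-01|4412|cmd.exe|process_start|"
        "vssadmin.exe delete shadows /all /quiet",
    ]
    for i in range(25):
        t = base + timedelta(seconds=5, milliseconds=200 * i)
        lines.append(f"{t.isoformat()}|hmi-01|4480|svchost_upd.exe|file_write|"
                     f"C:\\ProgramData\\scada\\hist\\pt{i:03d}.dat")
    return lines


if __name__ == "__main__":
    for finding in detect(sample_events()):
        print(finding)
```

Both heuristics are noisy on their own (backup agents and patch installers trip the mass-write rule, and administrators do occasionally run vssadmin), so in practice they are correlated with each other and with the reputation of the originating binary. The point of the example is that wiper activity is loud on the host in the seconds before it succeeds, which is why forwarding telemetry off-host in real time matters more than local log retention that the wiper will destroy anyway.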

Historical Impact in Ukraine

In December 2015, a Sandworm attack on three Ukrainian distribution utilities cut power to more than 230,000 customers in western Ukraine and the Kyiv region. In December 2016 the group struck again, this time at a transmission substation in Kyiv, taking part of the city offline for about an hour. These incidents were the first confirmed cases of a cyber-attack causing a power outage and showed how exposed Ukraine’s energy sector was.

  • 2015: >230,000 customers lost power.
  • 2016: Kyiv substation taken offline.
  • Demonstrated state-backed cyber warfare against a grid.

Poland’s Cybersecurity Posture

Polish officials said the country’s defenses held during the attack. The government credited its cybersecurity teams for preventing critical infrastructure from being threatened. The incident prompted a review of cyber resilience measures.

  • Defenses remained intact.
  • No critical infrastructure was compromised.
  • Review of cyber resilience underway.

Implications for Renewable Energy

The attack targeted the communication links between renewable installations and distribution operators. These links are lower-profile than plant control systems but are just as much a part of grid operation: an operator that cannot reach a wind farm cannot curtail or dispatch it. Securing them, with authenticated and monitored channels and an out-of-band fallback, is as necessary as securing the plants themselves.

  • Renewable networks are cyber-vulnerable.
  • Communication links are critical.
  • Security upgrades needed.

Key Takeaways

  • Russian Sandworm unit targeted Poland’s power grid on December 29 and 30.
  • DynoWiper, a destructive wiper malware, was linked to the GRU’s Sandworm.
  • The attack could have cut heat and power for half a million homes.
  • Poland’s defenses held, but the event highlights the threat of state-backed cyber-attacks.

Author

  • I’m Daniel J. Whitman, a weather and environmental journalist based in Philadelphia. I

    Daniel J. Whitman is a city government reporter for News of Philadelphia, covering budgets, council legislation, and the everyday impacts of policy decisions. A Temple journalism grad, he’s known for data-driven investigations that turn spreadsheets into accountability reporting.
