Cyberattack on Poland’s power grid could have been lethal • The Register

https://www.theregister.com/2026/01/29/cyberattack_poland_power_grid/

Publish Date: 2026-01-29 07:10:00

Source Domain: www.theregister.com

Cybersecurity experts involved in the cleanup of the cyberattacks on Poland’s power network say the consequences could have been lethal.

In a report published this week, Dragos said it is working with one of the 30 or so facilities affected by the attacks, allegedly carried out by Russian intelligence.

It called the attacks irresponsible and said that, had they succeeded in disrupting the country’s power grid, they could have led to civilian deaths given the timing.

“An attack on a power grid at any time is irresponsible, but to carry it out in the depths of winter is potentially lethal to the civilian population dependent on it,” Dragos said.

“It is unfortunate that those who attack these systems appear to deliberately choose timing that maximizes impact on civilian populations.”

Dragos, which attributed the attacks to the group it calls Electrum but most others call Sandworm, described the attacks as a world-first for targeting distributed energy sources (DERs), which are smaller sites connected to a country’s central power grid.

The attacks bore similarities with those carried out by Russia a decade ago in Ukraine, where GRU-affiliated Sandworm attackers compromised the country’s power grid.

The use of wiper malware, DynoWiper in this case, is consistent with Sandworm’s previous attacks on critical infrastructure, but targeting DERs is an evolution in tradecraft.

Dragos said the various compromises in Poland show these DERs, which don’t often receive the same levels of cybersecurity investment as centralized facilities, now represent an attractive target for state-sponsored attackers.

“While Dragos has responded to cybersecurity incidents at individual renewable and distributed generation facilities in the past, those incidents involved single sites or opportunistic compromises,” its report…
