Russia likely behind Poland power grid attack • The Register

Russia likely behind Poland power grid attack • The Register

https://www.theregister.com/2026/01/26/moscow_likely_behind_wiper_attack/

Publish Date: 2026-01-26 06:54:00

Source Domain: www.theregister.com

Russia was probably behind the failed attempts to compromise the systems of Poland’s power companies in December, cybersecurity researchers claim.

ESET attributed the attack with “medium” confidence to Russia’s GRU-run Sandworm unit, after it investigated the attack and its use of wiper malware. 

The attackers, believed to be state-backed, deployed DynoWiper malware on Poland’s national energy systems. Energy minister Milosz Motyka said they attempted to disrupt communication between renewable hardware and power distribution operators, but were unsuccessful.

The use of wiper malware is one of the telltale signs of Sandworm’s likely involvement – the group has an extensive history of using wiper strains against the critical infrastructure of adversarial countries.

Mandiant previously linked blackouts in Ukraine to Sandworm’s deployment of CaddyWiper in 2023, and the same group is thought to have executed WhisperGate wiper malware to coincide with its on-the-ground invasion of Ukraine in 2022.

ESET believes the DynoWiper attack on Poland was timed to mark the ten-year anniversary of Sandworm’s 2015 attack on Ukraine’s energy sector, which researchers suspect was the first case of malware-related blackouts.

“We continue to investigate the incident and broader implications,” said ESET Research via social media. “As new evidence or links to additional Sandworm activity emerge, we will share further updates to help defenders protect critical sectors.”

Poland, a NATO member and supporter of Ukraine, naturally has a fractious relationship with Russia, although it is one that was never truly friendly.

Officials have not linked the latest aggression to any specific event between the two countries, although it’s somewhat of a take-your-pick situation if you look for reasons in the months preceding the attack.

…

Source