{"id":207477,"date":"2026-01-28T11:06:00","date_gmt":"2026-01-28T16:06:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/russian-electrum-tied-to-december-2025-cyber-attack-on-polish-power-grid\/"},"modified":"2026-01-28T15:05:07","modified_gmt":"2026-01-28T20:05:07","slug":"russian-electrum-tied-to-december-2025-cyber-attack-on-polish-power-grid","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/28\/russian-electrum-tied-to-december-2025-cyber-attack-on-polish-power-grid\/","title":{"rendered":"Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/russian-electrum-tied-to-december-2025.html\">Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/russian-electrum-tied-to-december-2025.html\">https:\/\/thehackernews.com\/2026\/01\/russian-electrum-tied-to-december-2025.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-28 11:06:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span><span class=\"author\">Jan 28, 2026<\/span><\/span><span class=\"p-tags\">Critical Infrastructure \/ Threat Intelligence<\/span><\/p>\n<p>The &#8220;coordinated&#8221; cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM.<\/p>\n<p>Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first major cyber attack targeting distributed energy resources (DERs).<\/p>\n<p>&#8220;The attack affected communication and control systems at combined heat and power (CHP) facilities and systems managing the 
dispatch of renewable energy systems from wind and solar sites,&#8221; Dragos said. &#8220;While the attack did not result in power outages, adversaries gained access to operational technology systems critical to grid operations and disabled key equipment beyond repair at the site.&#8221;<\/p>\n<p>It&#8217;s worth pointing out that ELECTRUM and KAMACITE share overlaps with a cluster referred to as Sandworm (aka APT44 and Seashell Blizzard). KAMACITE focuses on establishing and maintaining initial access to targeted organizations using spear-phishing, stolen credentials, and exploitation of exposed services.<\/p>\n<p>Beyond initial access, the threat actor performs reconnaissance and persistence activities over extended periods of time as part of efforts to burrow deep into target OT environments and keep a low profile, signaling a careful preparatory phase that precedes actions executed by ELECTRUM targeting the industrial control systems.<\/p>\n<p>&#8220;Following access enablement, ELECTRUM conducts operations that bridge IT and OT environments, deploying tooling within operational networks, and performs ICS-specific actions that manipulate control systems or disrupt physical processes,&#8221; Dragos said. 
&#8220;These actions have included both manual interactions with operator interfaces and the deployment of purpose-built ICS malware, depending on the operational requirements and objectives.&#8221;<\/p>\n<p>Put differently, the&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/russian-electrum-tied-to-december-2025.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid https:\/\/thehackernews.com\/2026\/01\/russian-electrum-tied-to-december-2025.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207478,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhpzZ7e4dYy-hpTfbR7szq9J8RcMD40YfqgkKsvCTqBy-LIR2HtA3D4gY0i_-yiitA72t97lJlC4cW3klbAsJB6BBxxfOXDjhf68Z9RNF2GDYwWxPkdzSYTIcgQZzXg_0hCSqYOPI4nI8Wq3NHj5DrgwQ0RpdEZGJ1hMteDuOBNDxn-sXuzj57K9K-QKhz0\/s1700-e365\/powergrid.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,25,34],"class_list":["post-207477","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207477"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207477"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207477\/revisions"}],"predecessor-version":[{"id":207479,"href":"h
ttps:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207477\/revisions\/207479"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207478"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}