Cyberattack on Poland’s power grid hit around 30 facilities, new report says
Summary
Cybersecurity firm Dragos reports that a coordinated cyberattack in late December compromised control and communications systems at around 30 distributed energy facilities in Poland. While the national transmission backbone remained intact and large-scale outages were avoided, attackers disabled key equipment at some sites and cut remote monitoring and control capabilities. Dragos attributes the operation to Sandworm with moderate confidence and notes that the incident used destructive tooling consistent with previous reports of DynoWiper activity.
Key Points
- Approximately 30 combined heat-and-power and renewable dispatch sites had communications or control systems compromised.
- The transmission system was not affected, and power supplies stayed online, so mass outages were avoided.
- Attackers disabled equipment at some locations; some devices were damaged beyond repair.
- Loss of communications prevented remote monitoring and control even though it does not necessarily stop equipment from running.
- Dragos and ESET link the campaign to Sandworm and report use of DynoWiper-style destructive malware.
- The attack highlights that distributed energy systems — more numerous and often less hardened than centralised assets — are now realistic targets for sophisticated adversaries.
Content Summary
Dragos’ analysis expands on earlier reporting by documenting the scope and impact on distributed generation sites. The adversaries gained access to operational technology (OT) systems, disrupted communications and rendered some equipment inoperable. It remains unclear whether the attackers attempted to send operational commands or focused primarily on destroying communications and data. The incident underlines the technical skill required to target OT and the rising threat to decentralised parts of the grid.
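The operational signal in this incident was the loss of remote visibility: roughly 30 sites stopped answering the dispatch centre, while the transmission backbone kept running. A single site going quiet is routine (a failed modem, a maintenance window); many sites going quiet inside the same few minutes is the pattern an operator needs to flag immediately. The script below is an added illustration, not code from Dragos, ESET or the report, and it assumes a simple constructed heartbeat log with a site name per line; site names, timestamps and thresholds are invented for the example. It marks sites whose heartbeats have stopped and then clusters them by when they went silent, so a coordinated communications loss is separated from an isolated failure.

```python
from datetime import datetime, timedelta, timezone

# Tunables (assumed values for this example, not from the report).
HEARTBEAT_INTERVAL = timedelta(minutes=5)   # expected cadence per site
MAX_MISSED = 2                               # alert after two missed heartbeats
CORRELATION_WINDOW = timedelta(minutes=10)   # sites silenced within this span are grouped
MIN_SITES = 3                                # a group this large is treated as coordinated

# Constructed sample log (not real telemetry): "<timestamp> <site> heartbeat ok".
# pv-12 is an isolated failure; chp-01, chp-02 and pv-07 drop out together
# while wind-03 keeps reporting.
SAMPLE_LOG = """\
2025-12-29T02:30:00Z pv-12 heartbeat ok
2025-12-29T03:00:00Z chp-01 heartbeat ok
2025-12-29T03:00:00Z chp-02 heartbeat ok
2025-12-29T03:00:00Z pv-07 heartbeat ok
2025-12-29T03:00:00Z wind-03 heartbeat ok
2025-12-29T03:05:00Z chp-01 heartbeat ok
2025-12-29T03:05:00Z chp-02 heartbeat ok
2025-12-29T03:05:00Z pv-07 heartbeat ok
2025-12-29T03:05:00Z wind-03 heartbeat ok
2025-12-29T03:10:00Z chp-01 heartbeat ok
2025-12-29T03:10:00Z chp-02 heartbeat ok
2025-12-29T03:10:00Z pv-07 heartbeat ok
2025-12-29T03:10:00Z wind-03 heartbeat ok
2025-12-29T03:15:00Z wind-03 heartbeat ok
2025-12-29T03:20:00Z wind-03 heartbeat ok
2025-12-29T03:25:00Z wind-03 heartbeat ok
2025-12-29T03:30:00Z wind-03 heartbeat ok
"""


def parse_ts(text):
    """Parse the fixed UTC timestamp format used by the constructed log."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_heartbeats(log_text):
    """Return {site: last heartbeat time}; malformed lines are skipped."""
    last_seen = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "heartbeat":
            continue
        ts, site = parse_ts(parts[0]), parts[1]
        if site not in last_seen or ts > last_seen[site]:
            last_seen[site] = ts
    return last_seen


def silent_sites(last_seen, now):
    """Sites whose last heartbeat is older than MAX_MISSED intervals."""
    cutoff = now - HEARTBEAT_INTERVAL * MAX_MISSED
    return {site: ts for site, ts in last_seen.items() if ts < cutoff}


def correlate(silent):
    """Group silent sites by when they fell silent.

    Sites whose last heartbeat falls within CORRELATION_WINDOW of the first
    site in the group are clustered together; a cluster of MIN_SITES or more
    is flagged as a coordinated communications loss rather than an isolated
    outage. Loss of heartbeat only means loss of visibility: the plant may
    still be generating.
    """
    ordered = sorted(silent.items(), key=lambda kv: kv[1])
    clusters = []
    for site, ts in ordered:
        if clusters and ts - clusters[-1][0][1] <= CORRELATION_WINDOW:
            clusters[-1].append((site, ts))
        else:
            clusters.append([(site, ts)])
    return [
        {
            "sites": [site for site, _ in cluster],
            "first_silence": cluster[0][1].strftime("%Y-%m-%dT%H:%M:%SZ"),
            "coordinated": len(cluster) >= MIN_SITES,
        }
        for cluster in clusters
    ]


def assess(log_text, now_iso):
    """Full pipeline: parse log, find silent sites, cluster them."""
    last_seen = parse_heartbeats(log_text)
    return correlate(silent_sites(last_seen, parse_ts(now_iso)))


if __name__ == "__main__":
    for finding in assess(SAMPLE_LOG, "2025-12-29T03:30:00Z"):
        label = "COORDINATED LOSS" if finding["coordinated"] else "isolated"
        print(f"{finding['first_silence']}  {label:16s}  {', '.join(finding['sites'])}")
```

Evaluated at 03:30 on the constructed log, pv-12 is reported as an isolated outage from 02:30, and chp-01, chp-02 and pv-07 are reported as one coordinated loss beginning at 03:10, while wind-03 is not flagged. In practice the heartbeat source would be the SCADA or DER management platform's connection status rather than a text log, and the alert should route to the OT incident process rather than the telecoms ticket queue, since, as the report notes, the sites can keep running with nobody able to see or control them.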
Context and Relevance
As power systems decarbonise and decentralise, resilience depends increasingly on many remotely connected assets — which expands the attack surface. This event follows a pattern of destructive OT intrusions attributed to state-linked groups and signals an urgent need for regulators and operators to invest in better cybersecurity, redundancy and incident response for distributed energy resources.
Why should I read this?
Short and blunt: this was a close call that shows how vulnerable renewables and decentralised sites can be. If you work in energy, infrastructure protection, security ops or policy, the report explains where the weak spots are and why they matter — so you don’t get caught off guard.
Source
https://therecord.media/poland-electrical-grid-cyberattack-30-facilities-affected
