2025 cyberattack on Polish power grid

The 2025 cyberattack on the Polish power grid began on 29 December 2025 and continued until the following day.[1][2][3]

The attack targeted both IT devices and physical industrial devices, which is unusual.[1][2]

Targets included:

  • Renewable energy plants[1][2]
  • a large combined heat and power plant[1][2]
  • a manufacturing company[1][2]

Attribution

CERT Polska attributed the attack to Berserk Bear.[1][2]

ESET attributed the attack to Sandworm with medium confidence.[4][3]

Dragos Security also attributed the attacks to Sandworm.[5]

References

  1. ^ a b c d e f "Energy Sector Incident Report - 29 December 2025". CERT Polska. 2026-01-30. Retrieved 2026-02-03.
  2. ^ a b c d e f "Energy Sector Incident Report – 29 December" (PDF). CERT Polska. Retrieved 2026-02-03.
  3. ^ a b "DynoWiper update: Technical analysis and attribution". welivesecurity by ESET. 2026-01-30. Retrieved 2026-02-03.
  4. ^ Jones, Connor (2026-01-26). "Moscow likely behind wiper attack on Poland's power grid, experts say". The Register. Retrieved 2026-02-03.
  5. ^ Jones, Connor (2026-01-29). "Cyberattack on Poland's power grid could have turned deadly in winter cold". The Register. Retrieved 2026-02-03.
This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.