CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Nation-State·ICS/OT

Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid

10 years after disrupting the Ukrainian power grid, the APT targeted Poland with data-wiping malware. The post Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid appeared first on SecurityWeek.

Sandworm APT44

The Russian state-sponsored APT named Sandworm was behind the December 2025 cyberattack targeting Poland’s power grid, cybersecurity firm ESET reports.

Poland’s energy infrastructure, including two combined heat and power (CHP) plants and a renewable energy management system, was targeted by hackers on December 29-30, and Polish officials blamed Russia for the assault.

Said to have been the largest cyberattack against Poland in years, the December 2025 incident was thwarted before it could cause a blackout or compromise critical infrastructure, the country’s officials said earlier this month.

The attack occurred 10 years after Sandworm used the BlackEnergy malware in a disruptive attack against Ukraine’s power grid, resulting in multiple blackouts in the Ivano-Frankivsk region.

Active since at least 2009, the threat actor is believed to be associated with Russia’s General Staff Main Intelligence Directorate (GRU) military unit 74455.

Also known as APT44, BlackEnergy Lite, Seashell Blizzard, Telebots, and Voodoo Bear, Sandworm has become notorious for its espionage and information operations, as well as cyber disruptions.

According to ESET, the APT was most likely behind the December 2025 cyberattack on the Polish power grid, based on the employed malware and associated TTPs.

The cybersecurity firm said that Sandworm deployed a new data wiper in the attack, but did not cause disruptions. The intended impact of the assault has yet to be determined.

“We’re not aware of any successful disruption occurring as a result of this attack,” ESET said.

The malware, dubbed DynoWiper (Win32/KillFiles.NMO), aligns with previous Sandworm wiper attacks, the cybersecurity firm noted. No technical details on the threat have been published.

Underlining the link between the Polish assault and the anniversary of Sandworm’s attack on Ukraine’s power grid, ESET pointed out that the APT continues to regularly mount wiper attacks against Ukrainian targets.

“Fast forward a decade and Sandworm continues to target entities operating in various critical infrastructure sectors, especially in Ukraine,” ESET said.

Related: Russia’s APT28 Targeting Energy Research, Defense Collaboration Entities

Related: Pro-Russian Hackers Claim Cyberattack on French Postal Service

Related: Denmark Blames Russia for Cyberattacks Ahead of Elections and on Water Utility

Related: Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks

Latest News

CYBERNEWSMEDIAPublisher