A recent cyber attack attributed to the Russian hacking group known as Sandworm involved the deployment of a new wiper malware, codenamed DynoWiper, against Poland’s energy infrastructure. The incident, which occurred in the last week of December 2025, is reported to be the largest cyber attack targeting the Polish power sector in recent years.
Details of the Attack
Poland’s energy minister, Milosz Motyka, confirmed that the attack was assessed as the strongest assault on the country’s energy infrastructure in years, although it was ultimately unsuccessful. The Slovakian cybersecurity firm ESET reported that the attack took place on December 29, 2025, and targeted two combined heat and power (CHP) plants, as well as a system managing electricity from renewable sources.
Connection to Sandworm
The attribution to Sandworm is based on similarities with previous wiper malware activity linked to the group, particularly activity following Russia’s military invasion of Ukraine in February 2022. ESET noted that there is no evidence indicating successful disruption from the attack.
Government Response and Historical Context
In response to the incident, Polish Prime Minister Donald Tusk stated that the government is implementing additional cybersecurity measures, including new legislation aimed at enhancing risk management and protection of IT and operational technology systems. This attack coincides with the tenth anniversary of Sandworm’s previous attack on Ukraine’s power grid, which involved the deployment of the BlackEnergy malware.
Ongoing Threats from Sandworm
Sandworm has a documented history of targeting critical infrastructure, particularly in Ukraine. In June 2025, Cisco Talos reported that a critical infrastructure entity in Ukraine was targeted by a new data wiper malware named PathWiper, which shares functional similarities with Sandworm’s HermeticWiper. The group has also been linked to various data-wiping malware incidents affecting Ukrainian entities across multiple sectors throughout 2025.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








