
Moscow likely behind wiper attack on Poland’s power grid, experts say

Russia was probably behind the failed attempts to compromise the systems of Poland’s power companies in December, cybersecurity researchers claim.

ESET attributed the attack with “medium” confidence to Russia’s GRU-run Sandworm unit, after it investigated the attack and its use of wiper malware. 

The attackers, believed to be state-backed, deployed DynoWiper malware on Poland’s national energy systems. Energy minister Milosz Motyka said they attempted to disrupt communication between renewable hardware and power distribution operators, but were unsuccessful.

The use of wiper malware is one of the telltale signs of Sandworm’s likely involvement – the group has an extensive history of using wiper strains against the critical infrastructure of adversarial countries.

Mandiant previously linked blackouts in Ukraine to Sandworm’s deployment of CaddyWiper in 2023, and the same group is thought to have executed WhisperGate wiper malware to coincide with its on-the-ground invasion of Ukraine in 2022.

ESET believes the DynoWiper attack on Poland was timed to mark the ten-year anniversary of Sandworm’s 2015 attack on Ukraine’s energy sector, which researchers suspect was the first case of malware-related blackouts.

“We continue to investigate the incident and broader implications,” said ESET Research via social media. “As new evidence or links to additional Sandworm activity emerge, we will share further updates to help defenders protect critical sectors.”

Poland, a NATO member and supporter of Ukraine, naturally has a fractious relationship with Russia, although it is one that was never truly friendly.

Officials have not linked the latest aggression to any specific event between the two countries, although it’s somewhat of a take-your-pick situation if you look for reasons in the months preceding the attack.

Polish Prime Minister Donald Tusk announced in November that he was closing Russia’s last consulate in the country after tying Moscow to an explosion that destroyed part of a key rail line used for transporting resources into Ukraine.

In October, Poland confirmed new sanctions on steel companies it suspected were circumventing international sanctions to export goods to Russia.

Various instances of Russia probing military tolerances also focused on Poland, such as recon planes approaching Polish airspace, although Russia tends to push its luck in this regard with most of its adversaries.

Since the attempted cyberattack, which officials described as the strongest the power grid has faced in years, Poland arrested a slew of individuals suspected of playing key roles in Russian espionage rings. 

Recent reports also suggest Poland is working with NATO to establish an Eastern Flank Deterrence Line along the eastern border with Belarus. The initiative will reportedly set up a largely unmanned border security system, complete with autonomous weapons systems and AI-powered monitoring tools, which Russia will no doubt view as an act of military aggression. ®
