Healthy processed event from Hybrid War Tracker
Headline: Cyberattack Targeting Poland’s Energy Grid Used a Wiper
Short Summary: In late December 2023, Poland faced a significant cyberattack against its energy infrastructure involving a wiper malware called DynoWiper, aimed at erasing critical IT system files to disrupt power supply and recovery capabilities. The malware focused on IT systems of power generation and distribution sites, including heat-and-power plants and renewable energy sources, but spared the operational technology systems that control the grid. The attack, attributed to the Russian GRU-linked Sandworm group with medium confidence by European security firm ESET, was foiled without any service disruption or blackout. Polish Prime Minister Donald Tusk affirmed the successful defense and linked the attack to Russian intelligence services. The event marks Poland's first disruptive cyberattack on its energy sector with destructive intent, resembling prior attacks Sandworm launched against Ukraine’s energy infrastructure a decade ago. Officials have not detailed the attack vectors but emphasized the seriousness and unprecedented nature of this attempted attack.
Extended Summary: In late December 2023, Poland faced a significant cyberattack against its energy infrastructure involving a wiper malware called DynoWiper, aimed at erasing critical IT system files to disrupt power supply and recovery capabilities. The malware focused on IT systems of power generation and distribution sites, including heat-and-power plants and renewable energy sources, but spared the operational technology systems that control the grid. The attack, attributed to the Russian GRU-linked Sandworm group with medium confidence by European security firm ESET, was foiled without any service disruption or blackout. Polish Prime Minister Donald Tusk affirmed the successful defense and linked the attack to Russian intelligence services. The event marks Poland's first disruptive cyberattack on its energy sector with destructive intent, resembling prior attacks Sandworm launched against Ukraine’s energy infrastructure a decade ago. Officials have not detailed the attack vectors but emphasized the seriousness and unprecedented nature of this attempted attack.
At the end of December 2023, a cyberattack targeting power plants and energy producers in Poland employed a destructive malware 'wiper' named DynoWiper, designed to erase files and disrupt recovery IT systems. This attack, attributed with medium confidence to Sandworm, a GRU-linked Russian hacking group, aimed to cause power outages and disruptions affecting approximately 500,000 people. The attack targeted IT systems supporting Poland's energy generation and distribution infrastructure, including heat-and-power plants and renewable energy management systems, but did not affect the operational technology controlling the grid. Polish authorities thwarted the attack before any damage occurred, confirmed by independent security research from ESET. Polish Prime Minister Donald Tusk publicly stated that critical infrastructure was never threatened and attributed the attack to groups directly linked to Russian services. This incident is unprecedented in Poland due to its disruptive and destructive intent, contrasting with previous less damaging cyberattacks.
The article clearly describes a hostile Russian-linked cyberattack employing destructive malware targeting Poland's energy infrastructure, and also details Polish authorities' successful defense and public attribution, showing both aggressor and defensive preparation activities.
Add a source URL for enrichment
Prefer one-click submissions? Install the HWT Chrome extension from the Web Store. Get extension .