A decade after plunging Ukraine into darkness, Russia's notorious Sandworm hacking unit just tried to take down Poland's power grid. Security firm ESET traced destructive wiper malware that hit two Polish power plants and wind turbine networks on December 29-30 back to the GRU's elite cyber warfare division. The attack failed, but it marks a dangerous escalation - half a million Polish homes nearly lost heat and electricity in what officials are calling the strongest cyberattack on the nation's energy infrastructure in years.
Poland just dodged a digital bullet that could have frozen half a million homes in the dead of winter. Security researchers at ESET have pinned December's attempted takedown of Poland's energy infrastructure on Sandworm, the Russian military intelligence unit that's been perfecting the art of grid warfare for a decade.
The attack unfolded over two days in late December, targeting heat and power plants alongside the communication links connecting wind turbines to Poland's distribution network. Polish Energy Minister Milosz Motyka told reporters via Reuters that hackers zeroed in on two critical facilities while simultaneously trying to sever the digital threads between renewable installations and grid operators. Local Polish media pegged the potential damage at outages for at least 500,000 households.
What makes this particularly alarming is the weapon of choice. ESET's research team got their hands on the malware sample and dubbed it DynoWiper. This isn't your garden-variety ransomware that holds systems hostage for Bitcoin. Wiper malware is designed to irreversibly destroy data on infected computers, turning them into expensive bricks. It's a weapon of pure disruption with no financial motive, just chaos.
The firm attributed the malware to Sandworm with "medium confidence" - intelligence community speak for highly probable but not ironclad. Their analysis found a "strong overlap" with previous Sandworm toolkits, particularly the destructive malware the group deployed against Ukraine's energy sector in attacks that have become textbook examples of cyber warfare.
