Cyberattack against Poland’s power grid triggers CISA alert

The Cybersecurity and Infrastructure Security Agency has warned U.S. critical infrastructure owners and operators of operational technology and industrial control system threats in the wake of an attack by Russian state-sponsored threat operation Static Tundra, also known as Berserk Bear, Dragonfly, and Ghost Blizzard, against Poland's energy sector in December, reports CyberScoop.

According to the CISA alert, initial access through misconfigured internet-exposed edge devices enabled attackers to launch wiper malware and compromise remote terminal units, resulting in reduced visibility between facilities and distribution system operators, as well as corrupted human-machine interface data and OT device firmware. The alert was issued to "amplify" the report released by CERT-Polska in late January.

"The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT and ICS," said CISA. Dragos researchers previously noted that such an attack indicates that distributed energy resources are a "valid target for sophisticated adversaries."
