Sandworm group linked to major attempted cyberattack on Poland’s power system

According to The Hacker News, Poland's energy infrastructure was targeted in an attempted cyberattack, occurring in the final week of December 2025. The attack, though unsuccessful, has been attributed to the Russian nation-state hacking group Sandworm.

The cybersecurity firm ESET reported that Sandworm deployed a new, undocumented wiper malware named DynoWiper in the attempted disruptive attack on December 29, 2025. This attribution is based on similarities to previous wiper activities linked to Sandworm, particularly following Russia's invasion of Ukraine in February 2022. The targets included two combined heat and power plants and a system managing renewable energy sources. Polish Prime Minister Donald Tusk stated that the attacks appeared to be prepared by groups directly linked to Russian services.

This incident highlights Sandworm's continued focus on critical infrastructure, echoing a decade-old attack on Ukraine's power grid. In response, Poland is preparing enhanced safeguards and new cybersecurity legislation. This legislation will mandate stringent risk management, IT/OT system protection, and incident response protocols.

Source: The Hacker News