The Sandworm Hackers: A Close Call with Poland’s Energy Systems
Cyberattack on Poland’s Power Grid Linked to Russian Hacking Group Sandworm
In a recent cyberattack on Poland’s power grid in late December 2025, the Russian state-sponsored hacking group Sandworm attempted to deploy a destructive data-wiping malware known as DynoWiper. This attack has raised concerns about the security of critical infrastructure systems.
Sandworm, also known as UAC-0113, APT44, and Seashell Blizzard, has been active since 2009. Believed to be associated with Russia’s Military Unit 74455 of the Main Intelligence Directorate (GRU), Sandworm is notorious for carrying out disruptive and destructive cyberattacks.
Notably, Sandworm was responsible for a destructive data-wiping attack on Ukraine’s energy grid a decade ago, leaving a significant population without power. The group’s latest attack on Poland’s energy infrastructure underscores the ongoing threat posed by state-sponsored hacking groups.
ESET has confirmed that Sandworm was behind the cyberattack on Poland’s energy infrastructure, utilizing the destructive data wiper DynoWiper. This type of malware systematically deletes files from the filesystem, rendering the operating system inoperable and necessitating a complete system rebuild.
During the attack, two combined heat and power plants and a management system controlling electricity from renewable sources were targeted. Polish Prime Minister Donald Tusk attributed the attacks to groups directly linked to Russian services, highlighting the geopolitical implications of such cyber incidents.
While technical details about DynoWiper are limited, ESET has identified it as Win32/KillFiles.NMO with a specific SHA-1 hash. The absence of a publicly available sample of the wiper poses challenges for cybersecurity researchers in analyzing and mitigating the threat.
Security experts recommend studying Microsoft’s report on Sandworm for insights into the group’s tactics and techniques. Recent incidents in Ukraine, where Sandworm targeted various sectors with data-wiping attacks, further underscore the group’s capabilities and intentions.

