Russian hackers strike Poland's energy network due to weak security

The Polish government has reported a cyberattack on the country's energy infrastructure conducted by hackers linked to the Russian government.

Source: TechCrunch

Details: The incident occurred at the end of last year and was detailed in a technical report posted by the computer emergency response team (CERT) of the Polish Ministry of Digital Affairs.

The report said that the attackers had gained access to wind and solar power systems as well as a combined heat and power plant. They exploited basic security weaknesses, including the use of default usernames and passwords and the absence of multi-factor authentication, allowing them to infiltrate the systems with little resistance.

The hackers attempted to install "wiper" malware designed to destroy data and disable systems. The attack was stopped at the combined heat and power plant, but monitoring and control systems at wind and solar stations were disrupted by the malware.

The report noted that the hackers' actions had been purely destructive and comparable to deliberate acts of arson. Despite this, electricity supply remained uninterrupted and the stability of Poland's energy system was maintained.

Background: Earlier, cybersecurity firms ESET and Dragos reported that the attacks occurred on 29 December 2025 and attributed them to the Russian hacker group Sandworm, known for attacks on Ukraine's energy infrastructure in 2015, 2016 and 2022. However, Poland's CERT assigned responsibility to a different Russian group – Berserk Bear (Dragonfly), which typically focuses on cyber-espionage.

Support Ukrainska Pravda on Patreon!