Poland believes Russian intelligence hackers behind cyberattacks on country's energy facilities
Poland's Computer Emergency Response Team (CERT Polska) believes that Russia's domestic intelligence service was likely responsible for cyberattacks on the country's energy infrastructure.
Source: CERT Polska report cited by Reuters, as reported by European Pravda
Details: The cyberattacks took place in late December 2025 and targeted 30 Polish renewable energy facilities, a manufacturing company, and a plant supplying heat to nearly 500,000 consumers.
The report states that the attacks, described by the Polish minister as the worst in recent years, were attributed to a hacking group linked to Russia's Federal Security Service (FSB), tracked under several aliases, including Berserk Bear and Dragonfly.
CERT Polska noted that the attacks were "purely destructive in nature" and compared them to arson.
"It is worth noting that this period coincided with low temperatures and snowstorms affecting Poland, shortly before New Year's Eve," the report said.
According to the findings, Russia's aim was to irreversibly destroy data stored on the systems of a combined heat and power plant, but security software blocked this part of the attack.
The report's conclusions are partially supported by an independent analysis published last week by researchers at Slovak cybersecurity firm ESET.
ESET said the malware used in the attack on Poland matched previous destructive cyber operations linked to Russia but attributed it to a Russian military intelligence hacking unit known as Sandworm rather than the FSB.
ESET later released a second report expanding its malware analysis, again linking it to Sandworm, while cautioning that other aspects of the operation may have been carried out by different hacking groups.
John Hultquist, chief analyst at Google Threat Intelligence Group, said that if the attack was indeed carried out by Berserk Bear, it would represent an escalation from long-term espionage intrusions to outright destructive actions.
He noted that the situation should raise concerns about the security of the Winter Olympics, set to begin on 6 February.
"Russia has previously attempted to knock the opening ceremonies of the Winter Olympics offline, and they were extremely active during the last summer games. Disruptive cyberattacks are a very real threat," Hultquist concluded.
Background:
- Poland's Energy Minister Miłosz Motyka said that failed cyberattacks on a number of power-generating facilities occurred in the final days of 2025. In November, he stated that Poland faces the highest number of cyberattacks in the EU.
- Krzysztof Gawkowski, Poland's Deputy Prime Minister and Minister of Digital Affairs, said that in December, the country came "very close" to a power blackout due to a Russian attack.
- On 15 January, Polish Prime Minister Donald Tusk convened an urgent meeting on cyberattacks against Poland's energy infrastructure.
- Afterwards, Tusk said that some signs point to the involvement of Russian special services in preparing cyberattacks on Poland's energy infrastructure, though there is no hard evidence yet.