Moscow likely behind wiper attack on Poland’s power grid, experts say

Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.

ESET attributed the attack with "medium" confidence to Russia's GRU-run Sandworm unit, after it investigated the attack and its use of wiper malware. 

The attackers, believed to be state-backed, deployed DynoWiper malware on Poland's national energy systems. Energy minister Milosz Motyka said they attempted to disrupt communication between renewable hardware and power distribution operators, but were unsuccessful.

The use of wiper malware is one of the telltale signs of Sandworm's likely involvement - the group has an extensive history of using wiper strains against the critical infrastructure of adversarial countries.

Mandiant previously linked blackouts in Ukraine to Sandworm's deployment of CaddyWiper in 2023, and the same group is thought to have executed WhisperGate wiper malware to coincide with its on-the-ground invasion of Ukraine in 2022.

ESET ...