Researchers say Russian government hackers were behind attempted Poland power outage

• ESET links December 2025 Poland energy cyberattack to Sandworm
• DynoWiper malware attempted disruption but was stopped before causing significant damage
• Attack echoes Sandworm’s 2015 Ukraine blackout; Poland faces rising Russian cyber and sabotage threats

The devastating December 2025 cyberattack on Poland’s energy system was most likely the work of Sandworm, an infamous Russian state-sponsored threat actor, experts have said

“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed,” ESET researchers said in a new report.

“We’re not aware of any successful disruption occurring as a result of this attack,” the researchers added, saying they attributed the attack to the Russians with “medium confidence.”