Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid

The Russian state-sponsored APT named Sandworm was behind the December 2025 cyberattack targeting Poland’s power grid, cybersecurity firm ESET reports.

Poland’s energy infrastructure, including two combined heat and power (CHP) plants and a renewable energy management system, was targeted by hackers on December 29-30, and Polish officials blamed Russia for the assault.

Said to have been the largest cyberattack against Poland in years, the December 2025 incident was thwarted before it could cause a blackout or compromise critical infrastructure, the country’s officials said earlier this month.

The attack occurred 10 years after Sandworm used the BlackEnergy malware in a disruptive attack against Ukraine’s power grid, resulting in multiple blackouts in the Ivano-Frankivsk region.

Active since at least 2009, the threat actor is believed to be associated with Russia’s General Staff Main Intelligence Directorate (GRU) military unit 74455.

Also known as APT44, BlackEnergy Lite, Seashell Blizzard ...