Sandworm destructive campaign against Poland’s power grid
Campaign
Summary
Hide ▲
Show ▼
Sandworm ran a coordinated campaign against Poland’s power grid in late December 2025, using a destructive wiper named DynoWiper. The activity targeted two CHP plants and a renewable energy system, but no successful disruption is confirmed. The operation matters because it shows sustained destructive pressure on Polish energy assets and fits Sandworm’s broader pattern of attacks on critical infrastructure.
Related Happenings
Poland’s National Centre for Nuclear Research (NCBJ) hit by network compromise
Incident
First: 13.03.2026 19:11
Last: 13.03.2026 19:11
Sources 1
About this happening:
Poland’s **National Centre for Nuclear Research (NCBJ)** confirmed a cyberattack on its **IT infrastructure**, and the attempt was **detected and blocked** before causing impact....
Poland’s National Centre for Nuclear Research (NCBJ) hit by network compromise
IncidentAbout this happening: Poland’s **National Centre for Nuclear Research (NCBJ)** confirmed a cyberattack on its **IT infrastructure**, and the attempt was **detected and blocked** before causing impact....
Electrum and Kamicite destructive OT/ICS campaign
Campaign
First: 17.02.2026 23:31
Last: 17.02.2026 23:31
Sources 1
About this happening:
A **2025 destructive campaign** tied to **Electrum** and **Kamicite** combined **persistent scanning** with attacks that could disrupt industrial and communications infrastructure...
Electrum and Kamicite destructive OT/ICS campaign
CampaignAbout this happening: A **2025 destructive campaign** tied to **Electrum** and **Kamicite** combined **persistent scanning** with attacks that could disrupt industrial and communications infrastructure...
Poland's energy sector hit by network compromise
Incident
First: 17.02.2026 23:31
Last: 17.02.2026 23:31
Sources 1
About this happening:
A **wiper attack** hit **Poland's energy sector** on **Dec. 29 and 30, 2025**, damaging OT visibility and firmware across **more than 30 renewable energy farms** and other facilit...
Poland's energy sector hit by network compromise
IncidentAbout this happening: A **wiper attack** hit **Poland's energy sector** on **Dec. 29 and 30, 2025**, damaging OT visibility and firmware across **more than 30 renewable energy farms** and other facilit...
Static Tundra destructive campaign against Polish energy and manufacturing targets
Campaign
First: 31.01.2026 09:05
Last: 31.01.2026 09:05
Sources 1
About this happening:
The **Static Tundra** operation used **destructive attacks** against **more than 30 wind and photovoltaic farms**, a **manufacturing company**, and a **CHP plant** in **Poland**....
Static Tundra destructive campaign against Polish energy and manufacturing targets
CampaignAbout this happening: The **Static Tundra** operation used **destructive attacks** against **more than 30 wind and photovoltaic farms**, a **manufacturing company**, and a **CHP plant** in **Poland**....
Polish power grid hit by network compromise
Incident
First: 28.01.2026 18:06
Last: 28.01.2026 18:06
Sources 1
How related:
Dragos said the Poland attack targeted systems that facilitate communication and control between grid operators and DER assets, including assets that enable network connectivity, allowing the adversary to successfully disrupt operations at about 30 distributed generation sites.
About this happening:
Dragos disclosed a late-December cyberattack on the Polish power grid that disrupted OT communication and control at distributed generation sites. The intrusion affected combined...
Polish power grid hit by network compromise
IncidentHow related: Dragos said the Poland attack targeted systems that facilitate communication and control between grid operators and DER assets, including assets that enable network connectivity, allowing the adversary to successfully disrupt operations at about 30 distributed generation sites.
About this happening: Dragos disclosed a late-December cyberattack on the Polish power grid that disrupted OT communication and control at distributed generation sites. The intrusion affected combined...
Latest development: 29.01.2026 00:14
Dragos says a coordinated cyberattack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. The activity compromised OT systems, damaged key equipment beyond repair, disabled communications equipment at multiple sites, wiped Windows systems, and left power generation uninterrupted while affecting at least 12 confirmed sites, with Dragos estimating about 30. Dragos attributes the activity with moderate confidence to the Russian threat actor Electrum and describes it as distinct from Sandworm (APT44).
Timeline
-
26.01.2026 12:55 3 articles · 4mo ago
Sandworm destructive campaign against Poland’s power grid
Initial DisclosureThe first observed phase was a late-December offensive against **Poland’s energy assets**, with destructive activity tied to **Sandworm** and the **DynoWiper** wiper. The attacks focused on **two CHP plants** and **a renewable energy system** before any confirmed outage was reported.
Show sources
- Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm — www.infosecurity-magazine.com — 26.01.2026 12:55
- Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm — www.infosecurity-magazine.com — 26.01.2026 12:55
- Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid — thehackernews.com — 28.01.2026 18:06