Find notable cyber news and cases, enriched with sources, timelines, and signals.

The Polish government rushing to finalize a National Cybersecurity System Act for earlier this month / current legislative push

Public Sector Action
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

Poland's government is rushing to finalize a National Cybersecurity System Act implementing NIS2, which would impose stricter risk management, IT and OT security, and incident response requirements. The push matters because it would raise the cybersecurity baseline for Polish institutions and the broader market. The move comes amid heightened concern over foreign-state interference and resilience of critical systems.

Related Happenings

ELECTRUM and KAMACITE split OT access-and-execution operating model

Threat Actor Meta
H score22 First: 28.01.2026 18:06 Last: 28.01.2026 18:06 Sources 1

About this happening: **ELECTRUM** and **KAMACITE** are operating as a split **OT intrusion** ecosystem, with one cluster focused on access and the other on execution, which increases flexibility and e...

Polish power grid hit by network compromise

Incident
H score32 First: 28.01.2026 18:06 Last: 28.01.2026 18:06 Sources 1

About this happening: Dragos disclosed a late-December cyberattack on the Polish power grid that disrupted OT communication and control at distributed generation sites. The intrusion affected combined...

Latest development: 29.01.2026 00:14

Dragos says a coordinated cyberattack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. The activity compromised OT systems, damaged key equipment beyond repair, disabled communications equipment at multiple sites, wiped Windows systems, and left power generation uninterrupted while affecting at least 12 confirmed sites, with Dragos estimating about 30. Dragos attributes the activity with moderate confidence to the Russian threat actor Electrum and describes it as distinct from Sandworm (APT44).

Sandworm destructive campaign against Poland’s power grid

Campaign
H score46 First: 26.01.2026 12:55 Last: 26.01.2026 12:55 Sources 1

How related: ESET claimed in a brief statement on Friday that the group was responsible for a series of attacks on Poland’s power grid in late December.

About this happening: **Sandworm** ran a **coordinated campaign** against **Poland’s power grid** in late December 2025, using a destructive wiper named **DynoWiper**. The activity targeted **two CHP p...

Sandworm DynoWiper wiper attack on Polish energy infrastructure

Malware Activity
H score39 First: 24.01.2026 10:21 Last: 24.01.2026 10:21 Sources 1

How related: “The attackers deployed a wiper, which we analyzed and named DynoWiper. We’re not aware that any successful disruption occurred as a result of this attack,” explained ESET principal threat intelligence researcher, Robert Lipovsky.

About this happening: **Sandworm** used **DynoWiper**, a previously undocumented **wiper malware**, in a failed attack against **Poland's energy sector**. The activity targeted **two combined heat and...

Latest development: 29.01.2026 00:14

Dragos says the late-December attack on Poland's power grid was carried out by the Russian activity cluster Electrum with moderate confidence, noting overlap with Sandworm (APT44) but treating Electrum as a distinct cluster. The group targeted exposed and vulnerable RTUs, network edge devices, monitoring and control systems, and Windows-based machines at DER sites, disabled communications equipment at multiple sites, and wiped some Windows systems.

Jaguar Land Rover (JLR) hit by cyberattack

Incident
H score65 First: 06.01.2026 13:15 Last: 06.01.2026 13:15 Sources 1

About this happening: **Jaguar Land Rover (JLR)** remains tied to a **September 2025 cyberattack** that disrupted operations for weeks and drove major financial fallout, including **£196m ($258m)** in...

Latest development: 29.06.2026 12:15

A June 26 New York Times report linked Russian hackers to the Jaguar Land Rover breach, and Microsoft reportedly raised the alarm with JLR while security experts described the activity as Kremlin-backed destructive sabotage rather than a ransom-driven intrusion. Attribution was also complicated by Scattered Lapsus$ Hunters claiming responsibility, and the report separately claimed that Rey independently breached part of the JLR network.

Timeline

  1. 26.01.2026 12:55 2 articles · 5mo ago

    Poland rushes to finalize NIS2 cybersecurity act

    Legal Policy Action Update

    Poland’s government is rushing to finalize a National Cybersecurity System Act implementing NIS2, aiming to impose stricter requirements for risk management, IT and OT security, and incident response on Polish institutions and market participants.

    Show sources