
Polish power grid hit by network compromise

Incident
Happening score (H score): 27
2 unique sources, 2 articles

Summary


Dragos disclosed a late-December cyberattack on the Polish power grid that disrupted OT communication and control at distributed generation sites. The intrusion affected combined heat and power facilities and renewable dispatch systems, reaching RTUs and communications infrastructure through exposed network devices and exploited vulnerabilities. The activity impacted roughly 30 facilities, with at least 12 confirmed in later reporting. Some equipment was damaged beyond repair, communications equipment was disabled at multiple sites, and Windows systems were wiped. Power generation continued and no outages were reported, but the loss of visibility and control created significant operational risk. Later analysis attributed the activity with moderate confidence to the Electrum threat group and described it as distinct from Sandworm/APT44.

Related Happenings

Poland’s National Centre for Nuclear Research (NCBJ) hit by network compromise

Incident
First: 13.03.2026 19:11 Last: 13.03.2026 19:11 Sources 1

About this happening: Poland’s **National Centre for Nuclear Research (NCBJ)** confirmed a cyberattack on its **IT infrastructure**, and the attempt was **detected and blocked** before causing impact....

Electrum and Kamicite destructive OT/ICS campaign

Campaign
First: 17.02.2026 23:31 Last: 17.02.2026 23:31 Sources 1

About this happening: A **2025 destructive campaign** tied to **Electrum** and **Kamicite** combined **persistent scanning** with attacks that could disrupt industrial and communications infrastructure...

Poland's energy sector hit by network compromise

Incident
First: 17.02.2026 23:31 Last: 17.02.2026 23:31 Sources 1

About this happening: A **wiper attack** hit **Poland's energy sector** on **Dec. 29 and 30, 2025**, damaging OT visibility and firmware across **more than 30 renewable energy farms** and other facilit...

UNC6201 Dell RecoverPoint for Virtual Machines zero-day campaign

Campaign
First: 17.02.2026 22:15 Last: 17.02.2026 22:15 Sources 1

About this happening: The **UNC6201** campaign has been exploiting a **Dell zero-day** since **mid-2024**, creating a sustained risk of unauthorized access and stealthy movement across victims' virtual...

Latest development: 19.02.2026 17:30

CISA added CVE-2026-22769 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to secure affected Dell RecoverPoint systems by Saturday, February 21, after Mandiant and Google Threat Intelligence Group (GTIG) said UNC6201 had exploited the flaw since at least mid-2024.

Static Tundra destructive campaign against Polish energy and manufacturing targets

Campaign
First: 31.01.2026 09:05 Last: 31.01.2026 09:05 Sources 1

About this happening: The **Static Tundra** operation used **destructive attacks** against **more than 30 wind and photovoltaic farms**, a **manufacturing company**, and a **CHP plant** in **Poland**....

Timeline

  1. 29.01.2026 00:14 2 articles · 3mo ago

    Dragos attributes late-December attack on Poland's power grid to Electrum

    Technical Analysis Update

    Dragos says a coordinated cyberattack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. The activity compromised OT systems, damaged key equipment beyond repair, disabled communications equipment at multiple sites, and wiped Windows systems. Power generation was not interrupted. At least 12 sites are confirmed affected, with Dragos estimating about 30. Dragos attributes the activity with moderate confidence to the Russian threat actor Electrum and describes it as distinct from Sandworm (APT44).

  2. 28.01.2026 18:06 2 articles · 3mo ago

    Dragos discloses ELECTRUM-linked attack on the Polish power grid

    Initial Disclosure

    Dragos disclosed a late December 2025 cyberattack on the Polish power grid and assessed with medium confidence that ELECTRUM was responsible. The intrusion targeted communication and control systems at combined heat and power (CHP) facilities and renewable dispatch infrastructure, and disrupted operations at about 30 distributed generation sites. It reached Remote Terminal Units (RTUs) and communications equipment through exposed network devices and exploited vulnerabilities. The attack did not cause power outages, but it left some equipment disabled beyond repair.
