The recent cyber attack, which targeted Poland’s energy sector last month, is said to have been orchestrated by a notorious cybercrime organization operating under the Russian government, based on an investigation into the attack.
Security specialists from the cybersecurity company ESET identify the perpetrators of the electrical grid attack as Sandworm, a collective that falls under the umbrella of the GRU, the Russian government’s military intelligence agency.
This attack on the electrical grid on the 29th and 30th of December represents one of the most significant cybersecurity risks to Poland’s critical infrastructure.
Last week, the Polish Minister of Energy, Milosz Motyka, disclosed that hackers had specifically targeted two heat and power plants, and that the attackers had sought to break communication ties between green power plants and power distribution centers.
Russian Government-Backed Sandworm Targets Polish Wind Farms with DynoWiper
The targeting of green power included the hacking of wind power plants, which have recently become very significant in the country’s power chain.
Had it succeeded, the attack would have plunged at least half a million Polish homes into the cold and darkness of winter, according to local media. The timing of the attack does seem deliberate, since it fell during the holiday period, when cybersecurity teams are often staffed by skeleton crews.
Among other things, ESET has focused its investigation on a piece of destructive malware that the firm has dubbed DynoWiper. It belongs to a class called “wiper” malware, which is intended to irreversibly wipe all data off targeted computer systems and render these systems incapable of running. Unlike ransomware, which encrypts data for extortion, wiper malware aims only for destruction.

The cybersecurity firm attributed the malware to Sandworm with “medium confidence,” citing many similarities with the group’s previous work. Researchers identified a “strong overlap” between DynoWiper and earlier Sandworm malware, particularly tools the Russian government-backed group has deployed against Ukraine’s energy sector in past operations.
Poland Thwarts a Decade-Defying Cyber Strike
The connection to Sandworm takes on added importance in light of the group’s well-documented and rather infamous track record. The timing of the Polish attack is particularly significant in that it comes exactly ten years after Sandworm’s first documented attack on Ukraine’s power grid in December 2015, which left more than 230,000 homes in and around Ukraine’s capital city in the dark and represented the first documented case of hackers succeeding in disrupting a power grid.
The Russian government-backed group targeted the energy sector within Ukraine yet again in 2016, underscoring its interest in that sector. Ever since, the group has become one of the most monitored cyber threat groups globally, owing greatly to its sophistication.
Ms. Zetter, an independent journalist who first reported ESET’s findings, has written extensively on Sandworm operations throughout the years. She has helped define their role within some of the worst cyber attacks in world history.
Poland, DynoWiper, and the New Era of Infrastructure Defense
The Polish government lost no time in pointing a finger at Moscow in the aftermath of the incident. Officials directly blamed the Russian government for being behind the attack, which fits into a broader pattern of alleged Russian cyber aggression against NATO countries and particularly those that have been vocal in their support for Ukraine since Russia’s invasion in 2022.
Despite the threat’s seriousness, Polish officials emphasized the stability of their defenses. Polish Prime Minister Donald Tusk assured citizens that the country’s cybersecurity mechanisms did their job. “At no time was critical infrastructure threatened,” he said, referring to the detection and response systems that have supposedly frustrated the attack.
The attack underlines how modern power grids have become more vulnerable as they depend increasingly on digital communication networks to coordinate generation and distribution.
And although wind and solar power are environmentally friendly energy sources, integrating them creates new points of entry for attackers backed by hostile governments.
The Polish case, however, is also a stark reminder that cyber-attacks against major infrastructure are not only possibilities, but also present threats. As countries continue to update their burgeoning energy systems, new avenues are continually offered to those intent on doing harm.
The foiled assault on Poland also illustrates the cyber warfare struggle going on between the Russian government and Western powers, an unpublicized struggle in the world of computer systems with potentially serious consequences for average citizens trying to heat their homes this winter.
For those within the field of cybersecurity, the appearance of DynoWiper merely adds another item to the catalog of threats that must be protected against, while those within the government sphere must navigate the issue alongside the imperative that their infrastructure becomes more secure against the sophisticated threats posed by those within their own countries.




