Cyberattacks Target Poland’s Energy Infrastructure in Failed Attempt

By Lisa Wong

Poland’s energy sector came under the gravest threat during a coordinated series of cyberattacks from December 29 to 30, 2023. Hackers carried out a cyberattack on two heating and electricity plants. The intent had been to target the communications infrastructure that connects renewable energy installations, such as wind turbines, to grid operators. Had any of these attacks been successful, they would have disabled heating and electricity for upwards of a million homes nationwide. This would have resulted in unnecessary pain, confusion, and disorder.

According to cybersecurity firm ESET, the destructive malware used in the failed attack is called DynoWiper. The firm attributed DynoWiper to a group identified as Sandworm, which has a history of utilizing destructive malware to compromise energy systems, particularly in Ukraine. ESET stated that they were attributing this with “medium confidence,” largely due to the strong overlap in TTPs and the TTT.

The cyberattack on Poland comes almost exactly ten years after Sandworm’s first known attack. Similar to the 2015 attack, the 2016 attack targeted Ukraine’s energy infrastructure and led to power outages for more than 230,000 households near Kyiv. What happened this time is disturbing. Indeed, just one year ago, a related cyberattack crippled Ukraine’s energy infrastructure immediately following the foiled attack on Poland.

Poland’s government responded swiftly to the situation. Energy Minister Milosz Motyka described the attack as the “most serious blow” to Poland’s energy infrastructure in decades. During the June protests, Prime Minister Donald Tusk took to the streets to calm the public. He touched on the country’s cybersecurity defenses, especially in light of recent events.

“At no point was critical infrastructure threatened.” – Donald Tusk

Regardless of the attack’s severity, as Tusk noted, what was most important is that the country’s cybersecurity infrastructure prevented any danger from reaching its intended target. The Polish government has directly blamed Moscow for this cyber intrusion, indicating ongoing tensions between Poland and Russia, particularly concerning cyber warfare.

While this incident continues to unfold, national security experts are still processing what exactly a breach of this magnitude means for our national security. The potential for cyberattacks targeting critical infrastructure remains a pressing concern for many nations, especially those with historical tensions involving state-sponsored hacking groups.