A failed attempt in December to bring down parts of Poland’s energy grid was the work of Russian government hackers known for causing energy disruptions in the past, according to a security research firm investigating the incident.
Last week, Polish Energy Minister Milosz Motyka told reporters that the attempted cyberattack on December 29 and 30 saw hackers target two heat and power plants, as well as attempt to disrupt communications links between renewable energy facilities such as wind turbines and electricity distribution operators.
Motyka called the incident the “strongest attack” on Poland’s energy infrastructure in years, with the Polish government blaming Moscow for the attempt. Local media reported that the attacks could have knocked out heat and power in at least half a million homes across the country.
On Friday, cybersecurity firm ESET said it received a copy of the destructive malware, which it calls DynoWiper. This type of malware, known as “wiper” malware, is designed to irreversibly destroy data on computers to prevent them from functioning.
ESET attributed the malware with “moderate confidence” to the hacking group known as Sandworm, a unit within Russia’s GRU military intelligence agency, based on a “strong overlap” with its previous research into past Sandworm malware, including the group’s use of destructive malware to target Ukraine’s energy sector.
Freelance journalist Kim Zetter first reported the news.
As noted by Zetter, the cyberattacks targeting Poland come almost exactly a decade after the first known Sandworm cyberattack on Ukraine’s energy infrastructure in 2015, which knocked out power to more than 230,000 homes around the country’s capital, Kyiv. A similar cyberattack hit Ukraine’s energy systems a year later.
After the hacking attempt, Polish Prime Minister Donald Tusk said the country’s cyber defenses had worked and “at no point was critical infrastructure threatened.”
