The Polish government said Russian government hackers broke into parts of the country’s energy grid infrastructure by exploiting its poor security.
On Friday, Poland’s Computer Emergency Response Team (CERT), which is part of the Ministry of Digital Affairs, published a technical report about an incident late last year where suspected Russian government hackers breached wind and solar farms and a heat and power plant. According to the report, the hackers did not face much resistance. The targeted systems used default usernames and passwords and did not have multi-factor authentication enabled, both of which were incredibly basic mistakes.
The hackers tried to infect the systems they broke into with wiper malware designed to effectively wipe and destroy systems, perhaps trying to disable power, though it’s unclear if that was their goal. Either way, the attacks were stopped at the heat and power plant, but not at the wind and solar farms, whose grid monitoring and control systems were rendered inoperable by the malware.
“All attacks were purely destructive – by analogy to the natural world, they can be compared to deliberate acts of arson,” the report said.
The hackers failed to cut power to any of their targeted facilities. And even if they had succeeded, the report said the hack “would not have affected the stability of the Polish electricity system during the period in question”.
Cybersecurity companies ESET and Dragos previously released reports on the attacks, which took place on December 29 last year, accusing the notorious Russian government hacking group Sandworm of being behind the hacks. Sandworm has a proven track record of targeting energy infrastructure in Ukraine and turning off the country’s lights in 2015, 2016 and 2022.
Poland’s CERT, however, blamed a different Russian government hacking group known as Berserk Bear or Dragonfly, which is not known for destructive attacks, but rather for more traditional cyber espionage.
