Friday, January 30, 2026

In late December, Poland’s energy infrastructure became the target of coordinated cyberattacks across multiple regions, focusing on Distributed Energy Resources (DERs) nationwide. The affected facilities included wind, solar, and combined heat and power plants, with approximately 30 sites impacted (up from an initial estimate of 12). Although the attackers were able to breach Operational Technology (OT) systems and cause irreparable damage to some critical equipment, they failed to fully disrupt electricity supply. The total affected generation capacity was estimated at around 1.2 gigawatts, or roughly 5% of the country’s total power output.
Researchers from Dragos noted that while the incident did not result in a widespread blackout, it serves as a serious warning about the fragility of distributed energy systems. Targeting energy infrastructure during winter was described as irresponsible and potentially life-threatening, given the population’s reliance on power during cold conditions. Even without a direct power outage, such attacks can severely destabilize system frequency, posing significant operational risks. The report attributes the attack to a Russian-linked threat group known as “Electrum,” which is believed to be associated with Sandworm / APT44. The attackers demonstrated deep technical knowledge of energy systems, exploiting misconfigurations and vulnerabilities in Remote Terminal Units (RTUs) and communication systems, leading to loss of remote monitoring and control. The operation also involved the deployment of data-wiping malware, completely erasing Windows systems—consistent with ESET’s findings on the use of DynoWiper in the campaign.
Although electricity generation continued, some equipment suffered permanent configuration damage and could not be restored. Researchers emphasized that while the attack was insufficient to cause a nationwide blackout, it had a high potential to trigger severe frequency instability, which in extreme cases could lead to cascading failures across the power grid. This risk was compared to the 2025 Iberian power grid failure affecting Spain and Portugal, which was caused by widespread frequency deviations.
