THE Russian nation‑state hacking group known as Sandworm has been attributed to what has been described as the largest cyber attack targeting Poland’s power system in the last week of December 2025. The attack was unsuccessful, the energy minister Milosz Motyka said. According to ESET, the attack deployed a previously undocumented wiper malware codenamed DynoWiper.
The Slovakian cybersecurity company identified the use of the wiper as part of the attempted disruptive attack aimed at the Polish energy sector on 29 December 2025, with the targets including two combined heat and power plants and a system that manages electricity from renewable sources. The Polish government said there was no evidence of disruption, while Prime Minister Donald Tusk said the attacks were prepared by groups directly linked to the Russian services and that extra safeguards would be introduced.
The report also recalls Sandworm’s history of disruptive cyberattacks, including the 2015 Ukrainian power grid incident and the KillDisk trojan.