According to Dragos, Russia-aligned activity clusters were linked to the Poland energy attack, described as the first large-scale assault against decentralised energy resources such as wind turbines and solar farms. On 29 and 30 December 2025, attackers hit more than 30 renewable energy farms, a private manufacturing company and a combined heat and power plant with wiper malware that damaged remote terminal units and HMIs while the systems continued generating power.
CERT Polska published an incident report on 30 January 2026, likening the attack to arson as the events unfolded during Poland’s cold snap just before the New Year. The Cybersecurity and Infrastructure Security Agency (CISA) issued a security alert on 10 February 2026 warning of OT and ICS security gaps exploited via vulnerable edge devices, and urging operators to verify firmware and change default passwords.
Dragos’ findings also describe Electrum working with Kamacite to conduct destructive campaigns, while industry commentators and officials repeated cautions about attribution and about the potential impact of DER-focused attacks.