ACCORDING to the Associated Press, Poland experienced 2½ times more cyberattacks in 2025 than the previous year, with the total reaching 270,000 attacks. The December attack included a destructive infiltration of the energy system, hitting a combined heat and power plant that supplies heat to almost 500,000 customers along with multiple wind and solar farms.
Polish authorities suspected a single threat actor linked to Russian secret services, and CERT Polska issued a public report in late January detailing the incident and seeking input from the cyber community. The CERT analysis found that the Internet infrastructure used in the attack had been previously associated with a Russian threat actor known as Dragonfly, also called Static Tundra or Berserk Bear, and ESET analysts said the malware used likely pointed to Sandworm.
The U.S. government has previously attributed Sandworm to the GRU, the Main Intelligence Directorate of Russia’s armed forces, with experts noting that traces of the December attack appear to lead back to Russia.