securityaffairs.com 1/26/2026, 8:36:05 AM · via preferred

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

According to ESET researchers, a late-2025 cyberattack on Poland’s energy system has been linked to the Russia-aligned Sandworm APT, with DynoWiper described as the destructive malware used in the attempted strike on 29 December 2025. ESET attributes the operation to Sandworm with medium confidence, citing strong overlaps in tactics, techniques and behaviour with previous Sandworm wiper activity.

The incident was described as the largest cyber attack on Poland’s power grid, and while no successful disruption has been confirmed, the malware architecture clearly signals destructive intent. The attack occurred during peak winter demand and coincided with the 10-year anniversary of Sandworm’s 2015 cyberattack on Ukraine’s power grid, which left around 230,000 people without electricity.

ESET tracks the DynoWiper malware as Win32/KillFiles[.]NMO and noted that expanded IoCs and defensive indicators have been shared with subscribers of its Threat Intelligence services.

Article by CyberSIXT