thehackernews.com 1/28/2026, 5:51:13 PM

Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

The Hacker News reports that the December 2025 cyber attack on Poland’s power grid has been attributed with medium confidence to a Russian state‑sponsored group known as ELECTRUM. Dragos described the operation as the first major cyber assault targeting distributed energy resources and noted that it affected communication and control systems at combined heat and power facilities, as well as systems dispatching renewable energy from wind and solar sites.

The attackers gained access to OT systems critical to grid operations and disabled equipment beyond repair at the site, although there were no power outages. According to Dragos, the incident involved breaches of Remote Terminal Units (RTUs) and communication infrastructure at the affected sites. The attackers used exposed network devices and exploited vulnerabilities as initial access vectors, and wiped Windows‑based devices to impede recovery at approximately 30 distributed generation sites.

The analysis also highlights overlaps between ELECTRUM and other groups such as KAMACITE and Sandworm, with KAMACITE focusing on initial access and ELECTRUM on execution tradecraft once access is gained. Dragos also noted that the Poland attack was more opportunistic and rushed than a meticulously planned operation, but demonstrated OT‑specific capabilities targeting grid safety and stability monitoring. According to Dragos, the division of labour between these clusters allows OT impact to remain a possibility even if not immediately exercised.

Article by CyberSIXT