Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Polish Energy Partners

Polish Energy Partners Vendor Cyber Rating & Cyber Score

pepsa.com.pl

Polish Energy Partners is one of the leaders of energy projects implemented on the basis of renewable energy sources. The Company’s field of expertise is the development, implementation and operation of projects related to production of electricity and heat, as well as fuels. The facilities the Company operates produce over 8% of the renewable energy obtained from wind and biomass in Poland. The Company offers services in the following energy market segments: a/ outsourcing of industrial energy, in particular for the paper industry, including: - operator services, - production and sales of heat and electricity, b/ development and sales of wind farms, c/ operation of wind farms, d/ production of pellets from agricultural


PEP A.I CyberSecurity Scoring

PEP
Company Information
Website:http://www.pepsa.com.pl
Employees number:5
Number of followers:0
NAICS:
Industry Type:Renewables & Environment
Homepage:pepsa.com.pl
PEP Risk Score (AI oriented)
Between 750 and 799
logo
PEPRenewables & Environment
Updated:
15/04/2026
761/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
PEP Global Score (TPRM)
xxxx
logo
PEPRenewables & Environment
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

PEP
PEPFair
Current Score
761Baa (FAIR)
01000
3 incidents
-15 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
764Before Incident
JUNE 2026
763Before Incident
MAY 2026
762Before Incident
APRIL 2026
761Before Incident
MARCH 2026
760Before Incident
FEBRUARY 2026
759Before Incident
JANUARY 2026
773Before Incident
Cyber Attack
30 Jan 2026PEP
Polish heat-and-power plant and Polish manufacturing firm: Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report

Russian Hackers Target Poland’s Energy Sector in Destructive Cyberattack

758After Incident
CRITICAL-15
POL1774823214
Russian Hackers Target Poland’s Energy Sector in Destructive Cyberattack Polish authorities revealed details of a coordinated cyberattack last month that targeted the country’s grid infrastructure, including a heat-and-power plant, wind and solar farms, and a manufacturing firm. The attackers, believed to be the Russian hacking group Berserk Bear (linked to Russia’s FSB), exploited weak security measures such as default credentials and the absence of multi-factor authentication to gain deep access to critical systems. The intrusion at the heat-and-power plant began between March and July 2023, with hackers conducting reconnaissance and stealing sensitive operational data before deploying a wiper malware, DynoWiper, on December 29. The attack aimed to erase files on over 100 workstations, but an intrusion-detection system blocked the malicious code before it could fully execute. At wind and solar farms, attackers successfully bricked remote terminal units (RTUs) by replacing firmware with malicious versions, disrupting monitoring and control systems. While the attack caused operational disruptions, investigators confirmed it did not affect power stability in Poland. The combined output of the compromised sites would not have impacted the national grid, contradicting earlier claims that 500,000 users could have been affected. The Polish Computer Emergency Response Team (CERT) attributed the attack to Berserk Bear, noting that while the group has historically focused on espionage, this incident marks a shift toward destructive operations. Security failures played a key role in the breach. Many systems used default credentials, including a Hitachi RTU with an admin account named "Default." Some FortiGate VPN firewalls lacked multi-factor authentication, allowing attackers to bypass defenses. Additionally, outdated firmware and disabled security features on RTUs enabled the installation of malicious firmware. The attack coincided with winter storms and low temperatures, leading investigators to liken it to "deliberate acts of arson." While the heat-and-power plant’s defenses mitigated the worst damage, the wind and solar farms suffered operational disruptions. A separate, opportunistic attack on a manufacturing firm using a different wiper, LazyWiper was also detected, though its impact remains unclear. The incident underscores the growing threat of state-backed cyberattacks on critical infrastructure, with Russian hacking groups expanding beyond espionage to potentially disruptive operations.
INCIDENT DETAILS -
TYPE
Cyberattack (Wiper Malware, Firmware Tampering)
MOTIVATION
EspionageDisruption of critical infrastructureDestructive operations
IMPACT
Data Compromised: Sensitive operational dataHeat-and-power plant workstationsWind and solar farm RTUsManufacturing firm systemsDowntime: Operational disruptions at wind and solar farmsOperational Impact: Disrupted monitoring and control systems; bricked RTUs
DATA BREACH
Type Of Data Compromised: Operational dataSensitivity Of Data: High (critical infrastructure operational data)Data Exfiltration: Yes (reconnaissance phase)
DECEMBER 2025
787Before Incident
Cyber Attack
25 Dec 2025PEP
Polish Power Grid: Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

Russian State-Sponsored Hackers Target Polish Power Grid in First Major DER Cyberattack

772After Incident
CRITICAL-15
POL1769632981
Russian State-Sponsored Hackers Target Polish Power Grid in First Major DER Cyberattack In late December 2025, a coordinated cyberattack struck multiple sites across Poland’s power grid, marking the first major assault on distributed energy resources (DERs). Cybersecurity firm Dragos attributed the incident with medium confidence to ELECTRUM, a Russian state-sponsored hacking group linked to the broader Sandworm (APT44/Seashell Blizzard) threat cluster. The attack disrupted communication and control systems at combined heat and power (CHP) facilities and renewable energy dispatch systems, including wind and solar sites. While no power outages occurred, adversaries compromised operational technology (OT) systems critical to grid operations, permanently disabling key equipment. The breach targeted Remote Terminal Units (RTUs) and communication infrastructure, exploiting exposed network devices and vulnerabilities to gain access. Dragos highlighted a division of labor between ELECTRUM and its sister group, KAMACITE, which specializes in initial access via spear-phishing, credential theft, and exposed service exploitation. KAMACITE conducts prolonged reconnaissance and persistence, while ELECTRUM executes OT-specific actions ranging from manual interface manipulation to deploying ICS malware when conditions align. Recent activity in July 2025 saw KAMACITE scanning U.S. industrial devices, underscoring a geographically unbound operational model. The Poland attack, though assessed as opportunistic and rushed, inflicted significant damage by wiping Windows-based devices, resetting configurations, and permanently bricking equipment primarily targeting grid safety and stability monitoring systems. While the full scope of malicious actions remains unclear, the incident confirms that OT-capable adversaries are actively targeting distributed generation systems, shifting from pre-positioning to direct, destructive attacks. The breach exposed vulnerabilities in DER infrastructure, demonstrating how unauthorized access can escalate into irreversible physical disruption.
INCIDENT DETAILS -
TYPE
Cyberattack on Critical Infrastructure
MOTIVATION
State-sponsored disruption, operational technology targeting
IMPACT
Combined heat and power (CHP) facilitiesRenewable energy dispatch systems (wind and solar)Remote Terminal Units (RTUs)Communication infrastructureOperational Impact: Permanent disabling of key equipment, disruption of grid safety and stability monitoring systems
NOVEMBER 2025
787Before Incident
OCTOBER 2025
787Before Incident
SEPTEMBER 2025
786Before Incident
AUGUST 2025
786Before Incident
JANUARY 2025
798Before Incident
Cyber Attack
01 Jan 2025PEP
Polish power grid: Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant

Russian-Linked Hackers Target Swedish Power Plant in Failed Cyberattack

783After Incident
CRITICAL-15
POL1776270886
Russian-Linked Hackers Target Swedish Power Plant in Failed Cyberattack In early 2025, Russian government-affiliated hackers attempted to disrupt operations at a Swedish thermal power plant, marking another escalation in cyber threats against critical infrastructure. Sweden’s Minister of Civil Defense, Carl-Oskar Bohlin, revealed the incident during a press conference, attributing the attack to groups with ties to Russian intelligence and security services. While the hackers failed to breach the plant thanks to built-in security measures Bohlin warned that such attacks are growing more aggressive. "Pro-Russian groups that once relied on denial-of-service attacks are now pursuing destructive cyber operations across Europe," he stated. The incident follows a pattern of Russian-linked cyberattacks on energy and water systems in Europe. In December 2025, Poland accused Russia of attempting to sabotage its power grid, while earlier that year, hackers briefly seized control of a Norwegian dam, releasing millions of gallons of water before being expelled. Ukraine has also faced repeated attacks, including a 2024 strike on a Lviv energy provider that left hundreds without heat during freezing temperatures. Russia’s history of targeting critical infrastructure dates back to 2015, when cyberattacks caused widespread blackouts in Ukraine. The latest incidents underscore the rising threat of hybrid warfare, where cyber operations aim to inflict real-world disruption. Russia has not responded to requests for comment.
INCIDENT DETAILS -
TYPE
Cyberattack
MOTIVATION
Disruption of critical infrastructure, hybrid warfare
IMPACT
Systems Affected: Thermal power plant operationsOperational Impact: Attempted disruption (failed)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for PEP ?
?
What was PEP's A.I Rankiteo Cyber Score in June 2026 ?
?
What was PEP's A.I Rankiteo Cyber Score in May 2026 ?
?
What was PEP's A.I Rankiteo Cyber Score in April 2026 ?
?
What was PEP's A.I Rankiteo Cyber Score in March 2026 ?
?
What was PEP's A.I Rankiteo Cyber Score in February 2026 ?
?
What was PEP's A.I Rankiteo Cyber Score in January 2026 ?
?
What was PEP's A.I Rankiteo Cyber Score in December 2025 ?
?
What was PEP's A.I Rankiteo Cyber Score in November 2025 ?
?
What was PEP's A.I Rankiteo Cyber Score in October 2025 ?
?
What was PEP's A.I Rankiteo Cyber Score in September 2025 ?
?
What was PEP's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on PEP's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with PEP ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view PEP's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?