PEP A.I CyberSecurity Scoring
PEP
Company Information
Website:http://www.pepsa.com.pl
Employees number:5
Number of followers:0
NAICS:
Industry Type:Renewables & Environment
Homepage:pepsa.com.pl
PEP Risk Score (AI oriented)
Between 750 and 799
PEPRenewables & Environment
Updated:
15/04/2026
15/04/2026
761/1000
Fair
Baa
PEP Global Score (TPRM)
xxxx
PEPRenewables & Environment
Score locked

PEPFair
Current Score
761Baa (FAIR)
01000
3 incidents
-15 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
764
JUNE 2026
763
MAY 2026
762
APRIL 2026
761
MARCH 2026
760
FEBRUARY 2026
759
JANUARY 2026
773
Cyber Attack
30 Jan 2026 • PEP
Polish heat-and-power plant and Polish manufacturing firm: Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report
Russian Hackers Target Poland’s Energy Sector in Destructive Cyberattack
758
CRITICAL-15
POL1774823214
Russian Hackers Target Poland’s Energy Sector in Destructive Cyberattack
Polish authorities revealed details of a coordinated cyberattack last month that targeted the country’s grid infrastructure, including a heat-and-power plant, wind and solar farms, and a manufacturing firm. The attackers, believed to be the Russian hacking group Berserk Bear (linked to Russia’s FSB), exploited weak security measures such as default credentials and the absence of multi-factor authentication to gain deep access to critical systems.
The intrusion at the heat-and-power plant began between March and July 2023, with hackers conducting reconnaissance and stealing sensitive operational data before deploying a wiper malware, DynoWiper, on December 29. The attack aimed to erase files on over 100 workstations, but an intrusion-detection system blocked the malicious code before it could fully execute. At wind and solar farms, attackers successfully bricked remote terminal units (RTUs) by replacing firmware with malicious versions, disrupting monitoring and control systems.
While the attack caused operational disruptions, investigators confirmed it did not affect power stability in Poland. The combined output of the compromised sites would not have impacted the national grid, contradicting earlier claims that 500,000 users could have been affected. The Polish Computer Emergency Response Team (CERT) attributed the attack to Berserk Bear, noting that while the group has historically focused on espionage, this incident marks a shift toward destructive operations.
Security failures played a key role in the breach. Many systems used default credentials, including a Hitachi RTU with an admin account named "Default." Some FortiGate VPN firewalls lacked multi-factor authentication, allowing attackers to bypass defenses. Additionally, outdated firmware and disabled security features on RTUs enabled the installation of malicious firmware.
The attack coincided with winter storms and low temperatures, leading investigators to liken it to "deliberate acts of arson." While the heat-and-power plant’s defenses mitigated the worst damage, the wind and solar farms suffered operational disruptions. A separate, opportunistic attack on a manufacturing firm using a different wiper, LazyWiper was also detected, though its impact remains unclear.
The incident underscores the growing threat of state-backed cyberattacks on critical infrastructure, with Russian hacking groups expanding beyond espionage to potentially disruptive operations.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
787
Cyber Attack
25 Dec 2025 • PEP
Polish Power Grid: Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid
Russian State-Sponsored Hackers Target Polish Power Grid in First Major DER Cyberattack
772
CRITICAL-15
POL1769632981
Russian State-Sponsored Hackers Target Polish Power Grid in First Major DER Cyberattack
In late December 2025, a coordinated cyberattack struck multiple sites across Poland’s power grid, marking the first major assault on distributed energy resources (DERs). Cybersecurity firm Dragos attributed the incident with medium confidence to ELECTRUM, a Russian state-sponsored hacking group linked to the broader Sandworm (APT44/Seashell Blizzard) threat cluster.
The attack disrupted communication and control systems at combined heat and power (CHP) facilities and renewable energy dispatch systems, including wind and solar sites. While no power outages occurred, adversaries compromised operational technology (OT) systems critical to grid operations, permanently disabling key equipment. The breach targeted Remote Terminal Units (RTUs) and communication infrastructure, exploiting exposed network devices and vulnerabilities to gain access.
Dragos highlighted a division of labor between ELECTRUM and its sister group, KAMACITE, which specializes in initial access via spear-phishing, credential theft, and exposed service exploitation. KAMACITE conducts prolonged reconnaissance and persistence, while ELECTRUM executes OT-specific actions ranging from manual interface manipulation to deploying ICS malware when conditions align. Recent activity in July 2025 saw KAMACITE scanning U.S. industrial devices, underscoring a geographically unbound operational model.
The Poland attack, though assessed as opportunistic and rushed, inflicted significant damage by wiping Windows-based devices, resetting configurations, and permanently bricking equipment primarily targeting grid safety and stability monitoring systems. While the full scope of malicious actions remains unclear, the incident confirms that OT-capable adversaries are actively targeting distributed generation systems, shifting from pre-positioning to direct, destructive attacks. The breach exposed vulnerabilities in DER infrastructure, demonstrating how unauthorized access can escalate into irreversible physical disruption.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
NOVEMBER 2025
787
OCTOBER 2025
787
SEPTEMBER 2025
786
AUGUST 2025
786
JANUARY 2025
798
Cyber Attack
01 Jan 2025 • PEP
Polish power grid: Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
Russian-Linked Hackers Target Swedish Power Plant in Failed Cyberattack
783
CRITICAL-15
POL1776270886
Russian-Linked Hackers Target Swedish Power Plant in Failed Cyberattack
In early 2025, Russian government-affiliated hackers attempted to disrupt operations at a Swedish thermal power plant, marking another escalation in cyber threats against critical infrastructure. Sweden’s Minister of Civil Defense, Carl-Oskar Bohlin, revealed the incident during a press conference, attributing the attack to groups with ties to Russian intelligence and security services.
While the hackers failed to breach the plant thanks to built-in security measures Bohlin warned that such attacks are growing more aggressive. "Pro-Russian groups that once relied on denial-of-service attacks are now pursuing destructive cyber operations across Europe," he stated.
The incident follows a pattern of Russian-linked cyberattacks on energy and water systems in Europe. In December 2025, Poland accused Russia of attempting to sabotage its power grid, while earlier that year, hackers briefly seized control of a Norwegian dam, releasing millions of gallons of water before being expelled. Ukraine has also faced repeated attacks, including a 2024 strike on a Lviv energy provider that left hundreds without heat during freezing temperatures.
Russia’s history of targeting critical infrastructure dates back to 2015, when cyberattacks caused widespread blackouts in Ukraine. The latest incidents underscore the rising threat of hybrid warfare, where cyber operations aim to inflict real-world disruption. Russia has not responded to requests for comment.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for PEP ??
What was PEP's A.I Rankiteo Cyber Score in June 2026 ??
What was PEP's A.I Rankiteo Cyber Score in May 2026 ??
What was PEP's A.I Rankiteo Cyber Score in April 2026 ??
What was PEP's A.I Rankiteo Cyber Score in March 2026 ??
What was PEP's A.I Rankiteo Cyber Score in February 2026 ??
What was PEP's A.I Rankiteo Cyber Score in January 2026 ??
What was PEP's A.I Rankiteo Cyber Score in December 2025 ??
What was PEP's A.I Rankiteo Cyber Score in November 2025 ??
What was PEP's A.I Rankiteo Cyber Score in October 2025 ??
What was PEP's A.I Rankiteo Cyber Score in September 2025 ??
What was PEP's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on PEP's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with PEP ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view PEP's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?