Russian Cyberattack Targets Poland’s Distributed Energy Grid, Disrupts Critical Systems In late December, a coordinated cyberattack attributed to Russia’s Sandworm hacking group targeted Poland’s power grid, compromising control and communications systems at approximately 30 distributed energy facilities. While Polish officials confirmed the attack was thwarted before causing a blackout potentially affecting up to half a million residents new findings from cybersecurity firm Dragos reveal the incident had a measurable impact on operational technology (OT) systems. The attack focused on combined heat and power plants, as well as renewable energy dispatch systems for wind and solar sites. Though the national transmission grid remained unaffected and power supplies stayed intact, adversaries disabled critical equipment beyond repair, severing remote monitoring and control capabilities. Dragos noted that while the hackers gained access to systems essential for grid operations, it remains unclear whether they attempted to issue operational commands or solely disrupted communications. Unlike past attacks on centralized infrastructure, this incident highlights the growing threat to distributed energy systems, which are often less protected due to their reliance on remote connectivity. Dragos emphasized that such attacks require deep knowledge of system implementations, underscoring the sophistication of the operation. The attack aligns with earlier reports from ESET, which identified Sandworm’s use of the data-wiping malware DynoWiper. Sandworm, linked to Russia’s military intelligence agency (GRU), has a history of high-profile destructive cyberattacks, including previous strikes on Ukraine’s power grid. This incident marks another escalation in Russia’s cyber warfare tactics targeting critical infrastructure.