Cybersecurity firm ESET identifies a new data-wiping virus used against Polish power plants. Prime Minister Donald Tusk confirms the attack was defeated without any loss of power to the public.
Poland has narrowly avoided a massive energy crisis following what officials are calling the largest cyberattack on the country in years. Between 29 and 30 December 2025, hackers attempted to break into the nation’s energy infrastructure, specifically targeting two combined heat and power (CHP) plants and systems that manage wind and solar energy.
These plants are vital because they don’t just provide electricity; they also pump heat into local homes and businesses. Experts from the cybersecurity firm ESET have now linked the attempt to a notorious Russian hacking group known as Sandworm (also tracked as APT44 and Seashell Blizzard). This group is widely believed to be part of the GRU (Glavnoye Razvedyvatelnoye Upravleniye, or Main Intelligence Directorate), Russia’s military intelligence service, where it operates as Unit 74455.
A Dangerous New Tool
Research into this incident reveals that the hackers didn’t just want to spy; they wanted to destroy. They deployed a new wiper, a type of malicious software that acts like a shredder, permanently erasing data so that computers stop working. Robert Lipovsky, a lead researcher at ESET, has named this specific version DynoWiper.
According to ESET’s research, the hackers managed to get inside the systems; however, they failed to cause any damage. Prime Minister Donald Tusk confirmed that Poland’s security measures held firm, and at no point was the actual power supply to the public at risk.
“Everything indicates that these attacks were prepared by groups directly linked to the Russian services,” PM Tusk said in a press conference. Had the attack succeeded, it could have left half a million people without power or heat in the middle of winter.
History Repeating Itself?
The timing of the attack seems far from accidental. The incident occurred exactly ten years after Sandworm carried out the first-ever successful hack of a power grid, in Ukraine in December 2015. In that historic case, they used a virus called BlackEnergy to leave 230,000 people in the dark.
Sandworm remained active throughout 2025, regularly hitting Ukrainian water and heating facilities with other wipers such as Zerolot and Sting. By turning its attention to Poland, the group is showing that it is willing to target nations beyond the immediate war zone.
To prevent future scares, the Polish government is now fast-tracking the National Cybersecurity System Act.
“I have mobilised my ministers and special services to work at full capacity. We must be prepared for any eventuality,” the PM added.
This law will force energy providers to meet much higher security standards, ensuring that foreign states cannot easily interfere with the country’s essential services.
