Overview
- Polish officials say attempts on December 29–30 targeted two combined heat and power plants and a system managing electricity from wind and photovoltaic farms.
- ESET identified a new destructive wiper dubbed DynoWiper and attributed the operation to the Sandworm group with medium confidence based on malware and TTP overlaps.
- No service disruption has been confirmed, with ESET and Prime Minister Donald Tusk saying critical infrastructure was not threatened and defenses held.
- Threat indicators were shared with defenders as investigations continue, and researchers note the timing coincided with the 10‑year mark of Sandworm’s 2015 Ukraine grid attack.
- Poland is fast‑tracking a National Cybersecurity System Act to implement NIS2, while authorities report arrests tied to suspected Russian espionage and pursue closer NATO coordination.