The article says Poland suffered a major attempted cyberattack against its power system on December 29–30, 2025, targeting two combined heat-and-power (CHP) plants and a renewable energy management system. Polish officials described it as one of the largest cyberattacks the country has faced in years, but they also said it was stopped before it could cause a blackout or compromise critical infrastructure. Security researchers at ESET attribute the operation to Sandworm (a Russia-linked group also known as APT44/Voodoo Bear) based on the malware and tactics used.

ESET says the attackers deployed a new data-wiping malware called DynoWiper (detected as Win32/KillFiles.NMO), designed to delete files and disable systems—yet no successful disruption was observed. The piece notes the symbolic timing: the attempted Polish attack came about 10 years after Sandworm’s BlackEnergy-powered disruption of Ukraine’s grid, reinforcing the idea that Sandworm continues to focus on destructive operations against critical infrastructure (especially around Ukraine and the region). SecurityWeek also notes that ESET has not published deep technical details on DynoWiper at this time.

Source: https://www.securityweek.com/russian-sandworm-hackers-blamed-for-cyberattack-on-polish-power-grid/