The article reports that Poland’s energy sector was hit by a destructive “wiper” attack on December 29–30, 2025, targeting two combined heat-and-power (CHP) plants and also a system used to manage electricity produced from renewables (like wind and solar). Polish officials said the attack failed and caused no blackout or other negative consequences, but the country’s energy minister described it as one of the strongest attacks Poland has faced in years. Researchers at ESET later attributed the activity to Russia’s Sandworm group with medium confidence, saying they saw strong overlap with Sandworm’s prior wiper operations.

ESET analyzed the wiping malware involved and named it DynoWiper (detected as Win32/KillFiles.NMO), but the Dark Reading piece notes that technical details were limited at the time. The article places the incident in context: Sandworm is widely known for destructive, geopolitically motivated operations—most famously the 2015 Ukraine power grid disruption (BlackEnergy) and the 2017 NotPetya outbreak—along with other disruptive tooling like Industroyer/CrashOverride. The broader takeaway is that even “failed” wiper attempts against critical infrastructure matter, because they signal capability and intent, and they can be repeated until defenders slip.

Source: https://www.darkreading.com/threat-intelligence/sandworm-wiper-attack-poland-power-grid