Polish government authorities have disclosed that suspected Russian state-backed hackers breached elements of the country’s energy infrastructure late last year by exploiting basic cybersecurity lapses, according to a newly released technical report.
Poland’s Computer Emergency Response Team (CERT), which operates under the Ministry of Digital Affairs, said the attackers gained access to systems at wind and solar power installations as well as a combined heat-and-power plant. The incident occurred in late December and highlighted serious security shortcomings across parts of the energy sector.
Basic security failures enabled intrusion
According to the CERT report, the attackers encountered minimal resistance after accessing the targeted systems. Several of the compromised environments were running with default usernames and passwords and lacked multi-factor authentication—widely regarded as fundamental cybersecurity safeguards.
“These weaknesses significantly reduced the effort required to compromise the systems,” the report noted, adding that such oversights created a favorable environment for the intrusions.
Once inside, the attackers attempted to deploy destructive “wiper” malware designed to erase data and render systems inoperable. While the precise objective of the campaign remains unclear, Polish authorities said the malware could have been intended to disable operational systems that support energy generation and grid monitoring.
Attacks halted, impact limited
The malware deployment was successfully stopped at the heat-and-power plant. However, at the wind and solar facilities, systems used to monitor and control grid-related functions were rendered inoperable. Despite this, the attacks did not result in any disruption to electricity supply.
“All of the attacks were purely destructive in nature and can be compared to deliberate acts of arson,” the report stated.
Poland’s CERT stressed that even if the attackers had succeeded in disrupting operations, the incidents would not have threatened the overall stability of the national power system during the period in question.
Earlier assessments by cybersecurity firms ESET and Dragos linked the December 29 attacks to Sandworm, a well-known Russian hacking group with a history of targeting energy infrastructure in Ukraine, including power outages in 2015, 2016, and 2022.
However, Polish authorities attributed the intrusions to a different Russian state-linked group known as Berserk Bear, also referred to as Dragonfly. Unlike Sandworm, Berserk Bear is more commonly associated with cyberespionage than with overtly destructive operations.
The incident underscores growing concerns among European governments about the resilience of critical infrastructure and the risks posed by inadequate cybersecurity practices amid heightened geopolitical tensions.



