Overview
- Polish officials say the December 29–30 operation targeted two combined heat-and-power plants and communications between renewable installations and power distribution operators.
- ESET obtained and analyzed a previously undocumented wiper dubbed DynoWiper, designed to irreversibly destroy files and render systems inoperable.
- Researchers say there is no evidence of successful disruption, echoing Prime Minister Donald Tusk’s statement that critical infrastructure was not threatened.
- Attribution rests on code and behavioral overlaps with past Sandworm operations, with the group widely tied by U.S. and U.K. authorities to Russia’s GRU.
- Poland is preparing extra safeguards, including stricter IT and OT cybersecurity requirements, as the attempt coincided with the 10th anniversary of Sandworm’s 2015 Ukraine grid attack.