Cyberattack on Polish energy grid impacted around 30 facilities

In late December, a coordinated attack on Poland’s power grid targeted multiple distributed energy resource (DER) sites, including combined heat and power (CHP) facilities and wind and solar dispatch systems, and affected at least 12 confirmed sites, with Dragos estimating around 30. Although the attackers damaged OT equipment beyond repair and wiped Windows systems, they failed to cut power; about 1.2 GW, or 5% of supply, was at risk. Dragos attributes the campaign with moderate confidence to the Russian-linked Electrum group, which deployed destructive wipers such as DynoWiper, CaddyWiper and Industroyer2 and disrupted RTUs, edge devices, and communications, raising risks of frequency instability.

Key points

  • Multiple DER sites across Poland, including CHP, wind, and solar systems, were compromised in late December.
  • At least 12 sites were publicly confirmed while Dragos estimates about 30 affected locations.
  • Attackers damaged OT equipment beyond repair and wiped Windows systems, but caused no power outage; the power at risk totaled 1.2 GW (5%).
  • Dragos attributes the operation to the Russian-linked threat actor Electrum, which has used wipers like DynoWiper, CaddyWiper, and Industroyer2.
  • Attackers showed deep knowledge of RTU and edge-device deployments and disrupted remote monitoring and communications, risking frequency instability.

Read More: https://www.bleepingcomputer.com/news/security/cyberattack-on-polish-energy-grid-impacted-around-30-facilities/