ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid

A recent attack on Poland’s power grid targeted communication and control systems across roughly 30 sites, compromising RTUs and other OT devices and causing irreversible ICS damage at some locations. Dragos attributes the operation with moderate confidence to Electrum (related to Sandworm), while ESET reported Sandworm deployed wiper malware; the attackers focused on disrupting monitoring and bricking equipment rather than causing outages.

Key points

  • The attack targeted distributed energy resource communication and control systems at about 30 sites.
  • Operational technology at CHP plants and renewable dispatch centers was compromised, focusing on safety and stability monitoring.
  • Some industrial control system devices, including RTUs, were irreparably bricked despite no recorded power outages.
  • Dragos links the operation with moderate confidence to Electrum, while ESET attributed wiper malware deployment to Sandworm.
  • Dragos assesses the operation was rushed and opportunistic, lacking the coordinated sequencing needed to trigger outages.

Read More: https://www.securityweek.com/ics-devices-bricked-in-russia-linked-strike-on-polish-power-grid/