Poland experienced a 2.5-fold increase in cyberattacks in 2025, including a destructive December assault on energy infrastructure that officials suspect originated from Russia. CERT Polska and security firms like ESET linked technical indicators and data-wiping tactics to Russian-associated clusters, underscoring an unprecedented escalation against NATO/EU energy systems. #Sandworm #Dragonfly
Key points
- Poland reported 270,000 cyberattacks over the past year, about 2½ times the previous year.
- On Dec. 29, coordinated strikes targeted a combined heat and power plant and multiple wind and solar farms; the aim was sabotage rather than financial gain.
- CERT Polska published a technical report and requested community input, calling the incident a significant escalation.
- Infrastructure and malware indicators were linked to the Russian-associated groups Dragonfly (Static Tundra/Berserk Bear) and Sandworm, which are tied to FSB Center 16 and the GRU, respectively.
- The Polish government has bolstered cyber defenses since 2022, warning that attacks on larger energy units could threaten grid stability.