Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

Dragos attributes, with medium confidence, a late-December 2025 coordinated cyber attack on multiple sites in the Polish power grid to the Russian state-sponsored crew ELECTRUM, calling it the first major incident targeting distributed energy resources (DERs). The attackers breached RTUs and communications at about 30 distributed generation sites and disabled some OT equipment beyond repair, while KAMACITE enabled access through spear-phishing and exploitation of exposed services.

Key points

  • Dragos links the coordinated December 2025 attack on Poland’s grid to ELECTRUM with medium confidence.
  • The campaign targeted communication and control systems for combined heat and power (CHP) and DER assets, including wind and solar.
  • Adversaries breached RTUs and network devices by exploiting exposed services and vulnerabilities, impacting about 30 distributed generation sites.
  • KAMACITE focuses on initial access via spear-phishing, stolen credentials, and scanning, enabling ELECTRUM’s IT-to-OT operations.
  • No power outages were reported, but attackers wiped Windows devices and disabled OT equipment, raising the risk of prolonged latent exposure and future impacts.

Read More: https://thehackernews.com/2026/01/russian-electrum-tied-to-december-2025.html