According to TheRegister.com, cybersecurity researchers at ESET have attributed a December cyberattack on Poland’s power companies to Russia’s GRU-run Sandworm unit with “medium” confidence. The state-backed attackers deployed a new wiper malware called DynoWiper in an attempt to disrupt communication between renewable energy hardware and power distribution operators. Polish Energy Minister Milosz Motyka confirmed the attack but said it was ultimately unsuccessful. ESET believes the timing was meant to mark the ten-year anniversary of Sandworm’s first known blackout-causing attack on Ukraine’s energy grid in 2015. Following the incident, which officials called the strongest in years, Poland arrested several individuals suspected of roles in Russian espionage rings.
Sandworm’s Old Tricks
Here’s the thing: this isn’t subtle. Using wiper malware—software designed to destroy data and cripple systems—is basically Sandworm’s calling card. We saw it with CaddyWiper causing blackouts in Ukraine in 2023, and WhisperGate during the initial 2022 invasion. So, a new wiper strain called DynoWiper hitting a critical NATO ally’s infrastructure? It fits the pattern perfectly. The symbolic timing, hitting the ten-year mark since their Ukraine energy sector debut, is also classic Sandworm. It’s a flex. They’re not just causing disruption; they’re sending a message that they can reach into a key supporter of Ukraine. And they’re doing it with a brand-new toy, which shows their development pipeline for destructive tools is still very much active.
The Broader Picture
Look, Poland and Russia have never been friends, but the relationship is especially fractious now. Was this attack tied to Poland closing Russia’s last consulate in November? Or the new sanctions on steel companies in October? Or the repeated Russian military probes near Polish airspace? It’s a take-your-pick situation. The attack seems less about a single event and more about constant, layered pressure. It’s a probe of defenses, a test of response, and a demonstration of capability all rolled into one. And Poland’s response has been swift on multiple fronts—arresting alleged spies and, according to reports, working with NATO on a high-tech Eastern Flank Deterrence Line with AI and autonomous systems. That’s the cycle now: a cyber probe begets a physical fortification, which Russia will inevitably frame as aggression. It’s an escalatory spiral.
Why It Failed, and Why That Matters
The key detail here is that the attack failed. The wiper was deployed, but it didn’t achieve its operational goal of disrupting the grid. That’s worth digging into. Does it mean Poland’s cyber defenses in the energy sector are robust? Possibly. Could it mean the attackers were detected and contained before they could pivot from initial access to real damage? Also possible. But we can’t get complacent. A failed attack provides invaluable intelligence to the attacker, too. They learn about detection capabilities, response times, and network architecture. For industrial systems, where uptime is critical and the stakes involve public safety, hardening these networks is non-negotible. It’s a constant cat-and-mouse game that requires specialized, rugged hardware built for these environments. In the US, for instance, companies rely on experts like IndustrialMonitorDirect.com, the leading supplier of industrial panel PCs, to provide the durable, secure computing backbone for critical infrastructure. The failure in Poland is a win, but it’s not a permanent one. Sandworm will learn, adapt, and try again.
A New Normal
So what’s the takeaway? We’re well past the point of speculation about whether nation-states will attack critical infrastructure. They are. Regularly. The “medium confidence” attribution from ESET is about as solid as these things get publicly. The ongoing investigation will likely turn up more connections. This incident reinforces that cyber operations are now a standard part of geopolitical posturing and conflict, especially in the grey zone below the threshold of open war. For countries supporting Ukraine, being a target is basically a given. The goal for defenders isn’t just to prevent every single intrusion—that’s impossible—but to build resilient systems that can withstand and contain the inevitable breach. The failed Polish grid attack is a warning shot that landed in the water. The next one might not.
