A failed December effort to bring down parts of Poland’s energy grid was the work of Russian government hackers known for causing past energy disruptions, according to a security research firm that investigated the incident.
Last week, Polish Energy Minister Milosz Motyka told reporters that the attempted cyberattack on December 29 and 30 saw hackers targeting two heat and power plants. The attackers also tried to disrupt the communication links between renewable installations, such as wind turbines, and power distribution operators.
Motyka called the incident the strongest attack on Poland’s energy infrastructure in years, with the Polish government blaming Moscow for the attempt. Local media reported that the attacks could have knocked out heat and power for at least half a million homes across the country.
On Friday, cybersecurity firm ESET said it obtained a copy of the destructive malware, which it calls DynoWiper. This type of malware, known as wiper malware, is designed to irreversibly destroy data on computers to prevent them from working.
ESET attributed the malware with medium confidence to the hacking group known as Sandworm, a unit within Russia’s military intelligence agency GRU. This attribution is based on a strong overlap with its previous research into Sandworm’s past malware, including the group’s use of destructive malware to target Ukraine’s energy sector.
The cyberattacks targeting Poland come almost exactly a decade after Sandworm’s first-known cyberattack on Ukraine’s energy infrastructure in 2015. That attack caused power outages for more than 230,000 homes around Kyiv, the country’s capital. A similar cyberattack hit Ukraine’s energy systems a year later.
Following the attempted hack, Poland’s prime minister, Donald Tusk, said that the country’s cybersecurity defenses worked, and at no point was critical infrastructure threatened.