The Polish government has reported that Russian government hackers breached parts of the country’s energy grid infrastructure, exploiting poor security measures. On Friday, Poland’s Computer Emergency Response Team, which operates under the Ministry of Digital Affairs, released a technical report detailing an incident from late last year. In that incident, suspected Russian government hackers infiltrated wind and solar farms as well as a heat-and-power plant.
According to the report, the hackers encountered little resistance. The targeted systems were configured with default usernames and passwords and lacked multi-factor authentication, both fundamental security failures.
The hackers attempted to infect the compromised systems with wiper malware designed to erase and destroy them, potentially to shut off power, though their precise goal remains unclear. The attacks were halted at the heat-and-power plant, but not at the wind and solar farms. At those renewable energy sites, the malware rendered the systems used to monitor and control the grid inoperable.
The report described the attacks as purely destructive, comparing them to deliberate acts of arson in the physical world. Despite the intrusions, the hackers failed to disrupt power at any of the targeted facilities. The report also stated that even a successful attack would not have affected the stability of the Polish power system during that period.
Cybersecurity firms ESET and Dragos previously issued reports on these attacks, which occurred on December 29 of last year. Those reports attributed the intrusions to the notorious Russian government hacking group Sandworm. Sandworm has a documented history of targeting energy infrastructure in Ukraine, including causing power outages in 2015, 2016, and 2022.
However, Poland’s CERT attributed the activity to a different Russian government hacking group known as Berserk Bear or Dragonfly. This group is typically associated with cyberespionage rather than destructive attacks.

