Jan 23, 2026 • ESET WeLiveSecurity
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
Executive Summary
ESET Research has attributed a cyberattack targeting Poland's power grid in late 2025 to the Sandworm threat actor group. The incident involved the deployment of specialized data-wiping malware, newly identified and named DynoWiper by researchers. This campaign highlights the persistent threat posed by state-sponsored actors against critical energy infrastructure. The use of wiper malware indicates an intent to disrupt operations and destroy data rather than seek financial gain. Organizations within the energy sector should prioritize network segmentation, robust backup strategies, and continuous monitoring for suspicious activity. Immediate mitigation involves patching known vulnerabilities associated with Sandworm TTPs and implementing application allowlisting to prevent unauthorized executable deployment. The attribution to Sandworm suggests geopolitical motivations, necessitating heightened vigilance among NATO allies and European infrastructure providers against similar destructive campaigns.
Summary
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper.
Linked Entities
- DynoWiper
- Sandworm