Jan 23, 2026 • ESET WeLiveSecurity
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
Executive Summary
ESET researchers have attributed a cyberattack targeting Poland's power grid in late 2025 to the Russian state-sponsored advanced persistent threat group Sandworm. The attack employed destructive data-wiping malware, now identified and named DynoWiper. This incident represents a significant escalation in critical infrastructure targeting, with the potential to cause widespread power outages affecting essential services and civilian populations. The use of novel wiper malware demonstrates continued development of destructive capabilities by Sandworm, which has a history of attacks on Ukrainian infrastructure. Organizations managing energy and utility systems should immediately review network defenses, implement robust backup procedures, and enhance monitoring for similar destructive malware signatures. Critical infrastructure operators are advised to prioritize incident response planning and threat intelligence sharing.
Summary
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper.
Linked Entities
- DynoWiper
- Sandworm