
Sandworm hackers linked to failed wiper attack on Poland’s energy systems

A cyberattack targeting Poland’s energy grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.

Sandworm (also tracked as UAC-0113, APT44, and Seashell Blizzard) is a Russian nation-state hacking group that has been active since 2009. The group is believed to be part of Russia’s Military Unit 74455 of the Main Intelligence Directorate (GRU) and is known for carrying out disruptive and destructive attacks.

Almost exactly 10 years earlier, Sandworm conducted a destructive data-wiping attack on Ukraine’s energy grid that left roughly 230,000 people without power.


According to ESET, Sandworm has now been linked to the December 29-30 attack on Poland’s energy infrastructure, which used a data wiper called DynoWiper.

When executed, data wipers iterate through a filesystem, deleting files. When finished, the operating system is left unusable and must be rebuilt from backups or reinstalled.

In a press statement, Polish officials said the attack targeted two combined heat and power plants as well as a management system used to control electricity generated from renewable sources such as wind turbines and photovoltaic farms.

“Everything indicates that these attacks were prepared by groups directly linked to the Russian services,” Poland’s Prime Minister Donald Tusk said at a press conference.

ESET has not shared many technical details about DynoWiper, only stating that the antivirus firm detects it as Win32/KillFiles.NMO and that it has a SHA-1 hash of 4EC3C90846AF6B79EE1A5188EEFA3FD21F6D4CF6.

BleepingComputer has not been able to find a sample of the wiper uploaded to VirusTotal, Triage, Any.Run, and other malware submission sites.

While it’s unclear how long the threat actors remained inside Poland’s systems or how they were breached, Senior Threat Intel Advisor for Team Cymru Will Thomas (aka BushidoToken) recommends that defenders read Microsoft’s February 2025 report on Sandworm.

More recently, Sandworm was linked to destructive data-wiping attacks on Ukraine’s education, government, and the grain sector in June and September 2025.
