A failed December effort to take down parts of Poland's energy grid was the work of Russian government hackers known for causing energy disruptions in the past, according to a security research firm that investigated the incident.
Poland's Energy Minister Milosz Motyka told reporters last week that hackers targeted two thermal power plants in attempted cyberattacks on December 29 and 30, seeking to disrupt communication links between renewable energy facilities such as wind turbines and electricity distribution companies.
Motyka called the incident “the strongest attack” on Poland's energy infrastructure in years, and the Polish government blamed Moscow for the attempt. Local media reported that the attack may have knocked out heating and power to at least 500,000 homes across the country.
On Friday, cybersecurity company ESET announced that it had obtained a copy of destructive malware called DynoWiper. This type of malware, known as “wiper” malware, is designed to irreversibly destroy data on a computer, rendering it inoperable.
ESET determined with “medium confidence” that the malware was the work of a hacker group known as Sandworm, a unit within Russia's military intelligence agency, the GRU, based on “strong overlap” with previous research on Sandworm's past malware. This includes the group's use of destructive malware targeting Ukraine's energy sector.
Independent journalist Kim Zetter first reported the news.
As Zetter pointed out, the cyberattack targeting Poland occurred almost exactly 10 years after Sandworm first launched a cyberattack on Ukraine's energy infrastructure in 2015, knocking out power to more than 230,000 homes around the country's capital, Kiev. A year later, a similar cyberattack hit Ukraine's energy system.
In response to the attempted hack, Polish Prime Minister Donald Tusk said the country's cybersecurity defenses worked and “at no time was critical infrastructure threatened.”

