The Polish government said Russian government hackers took advantage of poor security to infiltrate parts of the country's energy grid infrastructure.
On Friday, Poland's Computer Emergency Response Team (CERT), part of the Ministry of Digital Affairs, published a technical report on incidents late last year in which suspected Russian government hackers breached wind, solar and thermal power plants. The hackers did not encounter much resistance, the report said. The targeted systems were using default usernames and passwords and did not have multi-factor authentication enabled. Both were incredibly basic mistakes.
The hackers infected the compromised systems with wiper malware designed to erase and effectively destroy them, possibly in an attempt to power them down, although it is unclear whether that was their goal. In any case, the attack was thwarted at thermal power plants, but not at wind and solar farms, where the systems that monitor and control grid systems were rendered inoperable by the malware.
“All attacks are purely destructive in nature and, in a physical world analogy, can be compared to deliberate acts of arson,” the report said.
The hackers failed to shut off power to any of the targeted facilities. Even if the hack had been successful, it “would not have affected the stability of Poland's electricity system during the period in question,” the report said.
Cybersecurity companies ESET and Dragos previously published a report on the attack, which occurred on December 29 last year, and accused the notorious Russian government hacking group Sandworm of being behind the intrusion. Sandworm has a documented history of targeting energy infrastructure in Ukraine and turning out the lights in the country in 2015, 2016, and 2022.
However, Poland's CERT blamed a different Russian government hacking group, known as Berserk Bear or Dragonfly, which is known for more traditional cyber espionage rather than destructive attacks.

