216.73.217.24

Sandworm behind cyberattack on Poland's power grid in late 2025

· Published 23/01/2026 22:47 · Modified 23/01/2026 23:17

Export JSON

Essential information

Published
23/01/2026 22:47
Modified
23/01/2026 23:17
Tags
2026-01-23 apt blackenergy critical-infrastructure dynowiper poland power grid russia-aligned wiper
Related entities
1 intrusion sets (apt), 1 techniques (mitre), 3 others

Description

In late 2025, 's energy system was targeted by a major cyberattack, now attributed to the group Sandworm by ESET Research. The attack involved data-wiping malware named , detected as Win32/KillFiles.NMO. While the full impact is still under investigation, researchers noted the attack's timing coincided with the 10th anniversary of Sandworm's 2015 attack on Ukraine's . Sandworm continues to target critical infrastructure, particularly in Ukraine, with regular attacks. The group's history of disruptive cyberattacks and the similarities in tactics, techniques, and procedures led to a medium-confidence attribution of this latest incident to Sandworm.

External references