{"id":899,"date":"2026-04-12T03:46:49","date_gmt":"2026-04-12T03:46:49","guid":{"rendered":"https:\/\/www.europesays.com\/poland\/899\/"},"modified":"2026-04-12T03:46:49","modified_gmt":"2026-04-12T03:46:49","slug":"poland-faced-a-surge-in-cyberattacks-in-2025-including-a-major-assault-on-the-energy-sector","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/poland\/899\/","title":{"rendered":"Poland faced a surge in cyberattacks in 2025, including a major assault on the energy sector"},"content":{"rendered":"

WARSAW \u2013 Poland experienced 2\u00bd times more cyberattacks in 2025 compared to the previous year, and the numbers are constantly rising, a government official said Tuesday. <\/p>\n

The attacks included a destructive infiltration of the country’s energy system in December that was believed to be unprecedented among NATO and European Union members, and was suspected of originating in Russia.<\/p>\n

Over the last year, Poland was the target of 270,000 cyberattacks, Deputy Minister of Digital Affairs Pawe\u0142 Olszewski said Tuesday. <\/p>\n

\u201cWe’ve been waging a war in cyberspace for many years now,\u201d the official said. \u201cThe number of incidents and attacks has been increasing significantly and radically year after year.\u201d<\/p>\n

The government, led by Prime Minister Donald Tusk, has beefed up<\/a> its cyber defenses since the start of Russia’s full-scale invasion of Ukraine on Feb. 24, 2022, in response to what it believes to be a rising threat<\/a> from Russia. <\/p>\n

Energy system attack<\/p>\n

During the morning and afternoon of Dec. 29, coordinated cyberattacks hit a combined heat and power plant supplying heat to almost 500,000 customers, as well as multiple wind and solar farms in Poland.<\/p>\n

Polish authorities suspected the cyberattacks were done by a single \u201cthreat actor,\u201d with multiple experts pointing to culprits linked to Russian secret services.<\/p>\n

The electricity supply wasn\u2019t disrupted, but the nature of the sabotage<\/a> alarmed Polish authorities so much that the agency CERT Polska, or Computer Emergency Response Team Poland, issued a public report in late January on technical details of the incident and asked the cyber community for any input on what happened.<\/p>\n

\u201cThe attack was a significant escalation,\u201d CERT head Marcin Dudek told The Associated Press.<\/p>\n

\u201cWe\u2019ve had such incidents in the past, but they were of the ransomware type, where the motivation of the attacker is financial,” Dudek said. \u201cIn this case, there was no financial motivation \u2014 the motivation was just destruction.\u201d<\/p>\n

He said that Poland has seen only a few destructive incidents in the past and none of them were in the energy sector.<\/p>\n

Dudek said that he wasn’t aware of any other destructive cyberattacks on the energy sector in either NATO or EU countries. There have been espionage incidents and activist groups causing marginal damage, but \u201cadvanced attacks\u201d like the December one in Poland are likely unprecedented, he said.<\/p>\n

Had it targeted even larger energy units, it could have substantially impacted the stability of Poland’s energy grid, Dudek said. <\/p>\n

The Polish secret services haven’t yet publicly identified an alleged culprit. <\/p>\n

Dudek’s team is authorized only to describe the modus operandi and point to a likely \u201cthreat actor\u201d \u2014 cyber jargon for an individual or group engaging in malicious activity.<\/p>\n

Dragonfly or Sandworm<\/p>\n

The CERT analysis looked at the Internet infrastructure used in the Polish attack, including domains and IP addresses, and found that they had been used previously by a Russian threat actor known as \u201cDragonfly,\u201d and also called \u201cStatic Tundra\u201d or \u201cBerserk Bear.\u201d <\/p>\n

Dudek said Dragonfly has been known to target the energy sector, but so far not with a destructive attack.<\/p>\n

According to an alert issued by the FBI in the United States in August 2025, Dragonfly is a cybersecurity cluster associated with FSB Center 16, a key unit within Russia\u2019s Federal Security Service.<\/p>\n

Experts unrelated to Polish authorities agree that the traces of the December attack lead back to Russia.<\/p>\n

ESET, one of the largest cybersecurity companies in the EU, analyzed the malware used in the attack and concluded the culprit likely was \u201cSandworm,\u201d another possible Russian actor previously associated with destructive attacks in Ukraine. <\/p>\n

The U.S. government has in the past attributed Sandworm<\/a> to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation, or GRU.<\/p>\n

Anton Cherepanov, senior malware researcher at ESET, told The Associated Press that \u201cthe use of data-wiping malware and its deployment\u201d in the Polish case \u201care both techniques commonly employed by Sandworm.\u201d <\/p>\n

\u201cWe are not aware of any other recently active threat actors that have used data-wiping malware in their operations against targets in European Union countries,\u201d Cherepanov added.<\/p>\n

Whether Dragonfly or Sandworm, it would an actor previously affiliated with Russia. \u201cWhether it\u2019s these Russians or those Russians is a detail,\u201d Cherepanov said.<\/p>\n

The Russian Embassy in Warsaw didn’t respond to requests for comment.<\/p>\n

Copyright 2026 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.<\/p>\n","protected":false},"excerpt":{"rendered":"WARSAW \u2013 Poland experienced 2\u00bd times more cyberattacks in 2025 compared to the previous year, and the numbers…\n","protected":false},"author":2,"featured_media":900,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[841,500,64,842,843,331],"class_list":{"0":"post-899","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-donald-tusk","8":"tag-anton-cherepanov","9":"tag-business","10":"tag-donald-tusk","11":"tag-pawel-olszewski","12":"tag-technology","13":"tag-world-news"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/posts\/899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/comments?post=899"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/posts\/899\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/media\/900"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/media?parent=899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/categories?post=899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/poland\/wp-json\/wp\/v2\/tags?post=899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}