Russian hackers Linked to Polish Power Grid Cyberattack
A cyberattack targeting Poland’s power grid in late December 2025 has been attributed to Sandworm, a hacking group sponsored by the Russian state. The group attempted to deploy a new data-wiping malware, DynoWiper, during the attack.
Sandworm, also known as UAC-0113, APT44, and Seashell blizzard, has been active as 2009. Security researchers believe the group operates as part of Russia’s Military Unit 74455 within the Main Intelligence Directorate (GRU). They are known for disruptive and destructive cyber operations.
In December 2015, Sandworm conducted a similar attack on Ukraine’s energy grid, leaving approximately 230,000 people without power.
ESET researchers connected Sandworm to the attack on Poland’s energy infrastructure, which occurred on December 29-30, 2025, and involved the use of DynoWiper.
Data wipers like DynoWiper function by systematically deleting files within a computer system.
