Sandworm behind cyberattack on Poland’s energy grid in late 2025

The assault concerned data-wiping malware that ESET researchers have now analyzed and named DynoWiper

23 Jan 2026
•
,
1 min. learn

ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025

In late 2025, Poland’s power system confronted what has been described because the “largest cyberattack” focusing on the nation in years. ESET Analysis has now discovered that the assault was the work of the infamous Russia-aligned APT group Sandworm.

“Based mostly on our evaluation of the malware and related TTPs, we attribute the assault to the Russia-aligned Sandworm APT with medium confidence on account of a robust overlap with quite a few earlier Sandworm wiper exercise we analyzed,” mentioned ESET researchers. “We’re not conscious of any profitable disruption occurring on account of this assault,” they added.

Screenshot 2026-01-23 200943 — Supply: ESET Analysis

Sandworm has a lengthy historical past of disruptive cyberattacks, particularly on Ukraine’s crucial infrastructure. In the meantime, the assault on Poland’s energy grid within the final week of December concerned data-wiping malware that ESET has now analyzed and named DynoWiper. ESET safety options detect DynoWiper as Win32/KillFiles.NMO.

Whereas particulars relating to the supposed influence proceed to be investigated, ESET researchers have highlighted the truth that the coordinated assault occurred on the ten^th anniversary of the Sandworm-orchestrated assault towards the Ukrainian energy grid, which resulted within the first ever malware-facilitated blackout. Again in December 2015, Sandworm used the BlackEnergy malware to achieve entry to crucial programs at a number of electrical substations, leaving round 230,000 folks with out electrical energy for a number of hours.

Quick ahead a decade and Sandworm continues to focus on entities working in numerous crucial infrastructure sectors, particularly in Ukraine. Of their newest APT Exercise Report, masking April to September 2025, ESET researchers famous that they noticed Sandworm conducting wiper assaults towards targets in Ukraine regularly.

For any inquiries about our analysis printed on WeLiveSecurity, please contact us at threatintel@eset.com.

ESET Analysis provides personal APT intelligence experiences and information feeds. For any inquiries about this service, go to the ESET Menace Intelligence web page.