{"id":11187,"date":"2026-01-26T23:04:46","date_gmt":"2026-01-26T23:04:46","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=11187"},"modified":"2026-01-26T23:04:46","modified_gmt":"2026-01-26T23:04:46","slug":"sandworm-behind-cyberattack-on-polands-energy-grid-in-late-2025","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=11187","title":{"rendered":"Sandworm behind cyberattack on Poland\u2019s energy grid in late 2025"},"content":{"rendered":"


\n<\/p>\n

\n

The assault concerned data-wiping malware that ESET researchers have now analyzed and named DynoWiper<\/p>\n

\n
\"ESET<\/picture><\/a><\/div>\n<\/div>\n

\n 23 Jan 2026<\/span>
\n \u00a0\u2022\u00a0<\/span>
\n , <\/span>
\n 1 min. learn<\/span>\n <\/p>\n

\n \"ESET<\/picture> <\/div>\n<\/div>\n
\n

In late 2025, Poland\u2019s power system confronted what has been described because the \u201clargest cyberattack<\/a>\u201d focusing on the nation in years. ESET Analysis has now discovered that the assault was the work of the infamous Russia-aligned APT group Sandworm.<\/p>\n

\u201cPrimarily based on our evaluation of the malware\u00a0and related TTPs, we attribute\u00a0the assault to the Russia-aligned Sandworm APT with medium confidence resulting from a robust overlap with quite a few earlier Sandworm wiper exercise<\/a> we analyzed,\u201d stated ESET researchers. \u201cWe\u2019re not conscious of any profitable disruption occurring because of this assault,\u201d they added.<\/p>\n

\"Screenshot
Supply:\u00a0ESET Analysis<\/a><\/figcaption><\/figure>\n

Sandworm has a lengthy historical past<\/a> of disruptive cyberattacks, particularly on Ukraine\u2019s vital infrastructure. In the meantime, the assault on Poland\u2019s energy grid within the final week of December concerned data-wiping malware that ESET has now analyzed and named DynoWiper. ESET safety options detect DynoWiper as Win32\/KillFiles.NMO.<\/p>\n

Whereas particulars concerning the supposed affect proceed to be investigated, ESET researchers have highlighted the truth that the coordinated assault occurred on the tenth<\/sup> anniversary of the Sandworm-orchestrated assault in opposition to the Ukrainian energy grid, which resulted within the first ever malware-facilitated blackout. Again in December 2015, Sandworm used the BlackEnergy<\/a> malware to realize entry to vital techniques at a number of electrical substations, leaving round 230,000 folks with out electrical energy for a number of hours.<\/p>\n

Quick ahead a decade and Sandworm continues to focus on entities working in varied vital infrastructure sectors, particularly in Ukraine. Of their newest APT Exercise Report<\/a>, overlaying April to September 2025, ESET researchers famous that they noticed Sandworm conducting wiper assaults in opposition to targets in Ukraine regularly.<\/p>\n

\n
For any inquiries about our analysis revealed on WeLiveSecurity, please contact us at\u00a0threatintel@eset.com<\/a>.<\/p>\n
ESET Analysis affords personal APT intelligence stories and knowledge feeds. For any inquiries about this service, go to the\u00a0ESET Risk Intelligence<\/a>\u00a0web page.<\/div>\n<\/div>\n<\/blockquote>\n

IoCs<\/h3>\n\n\n\n\n\n
SHA-1 <\/strong><\/td>\nDetection<\/strong><\/td>\nDescription<\/strong><\/td>\n<\/tr>\n<\/thead>\n
4EC3C90846AF6B79EE1A5188EEFA3FD21F6D4CF6<\/span><\/td>\nWin32\/KillFiles.NMO<\/td>\nDynoWiper.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"

The assault concerned data-wiping malware that ESET researchers have now analyzed and named DynoWiper 23 Jan 2026 \u00a0\u2022\u00a0 , 1 min. learn In late 2025, Poland\u2019s power system confronted what has been described because the \u201clargest cyberattack\u201d focusing on the nation in years. ESET Analysis has now discovered that the assault was the work of […]<\/p>\n","protected":false},"author":2,"featured_media":11189,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[2701,2197,5468,7573,763,7572],"class_list":["post-11187","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cyberattack","tag-grid","tag-late","tag-polands","tag-power","tag-sandworm"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/11187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11187"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/11187\/revisions"}],"predecessor-version":[{"id":11188,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/11187\/revisions\/11188"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/11189"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}