
A cyberattack targeting Poland’s power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which tried to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.
Sandworm (also tracked as UAC-0113, APT44, and Seashell Blizzard) is a Russian nation-state hacking group that has been active since 2009. The group is believed to be part of Russia’s Military Unit 74455 of the Main Intelligence Directorate (GRU) and is known for conducting disruptive and destructive attacks.
Almost exactly 10 years earlier, Sandworm conducted a destructive data-wiping attack on Ukraine’s power grid that left approximately 230,000 people without power.
According to ESET, Sandworm has now been linked to the December 29-30 attack on Poland’s power infrastructure, which used a data wiper called DynoWiper.
When executed, data wipers iterate through a filesystem, deleting files. When finished, the operating system is left unusable and must be rebuilt from backups or reinstalled.
In a press statement, Polish officials said the attack targeted two combined heat and power plants as well as a management system used to control electricity generated from renewable sources such as wind turbines and photovoltaic farms.
“Everything indicates that these attacks were prepared by groups directly linked to the Russian services,” Poland’s Prime Minister Donald Tusk said at a press conference.
ESET has not shared many technical details about DynoWiper, only noting that the antivirus firm detects it as Win32/KillFiles.NMO and that it has a SHA-1 hash of 4EC3C90846AF6B79EE1A5188EEFA3FD21F6D4CF6.
BleepingComputer has not been able to find a sample of the wiper uploaded to VirusTotal, Triage, Any.Run, and other malware submission sites.
While it’s unclear how long the threat actors remained within Poland’s systems or how they were breached, Senior Threat Intel Advisor for Team Cymru Will Thomas (aka BushidoToken) recommends that defenders read Microsoft’s February 2025 report on Sandworm.
More recently, Sandworm was linked to destructive data-wiping attacks on Ukraine’s education, government, and grain sectors in June and September 2025.
