Poland's Electric Grid Targeted by Russian State Hackers with Wiper Malware

Researchers revealed on Friday that Poland’s electric grid was targeted by wiper malware, an attack suspected to be orchestrated by state-sponsored Russian hackers aiming to disrupt electricity delivery operations.

According to a report by Reuters, the cyberattack took place in the last week of December and was intended to disrupt communications between renewable energy installations and power distribution operators. However, the attempt did not succeed for undisclosed reasons.

Security firm ESET identified the malware as a type of wiper, designed to permanently erase code and data on servers with the intent of completely halting operations. Based on an analysis of the tactics, techniques, and procedures (TTPs) employed in the attack, ESET researchers attributed the malware to a Russian government hacker group known as Sandworm, with medium confidence due to similarities with previous Sandworm activities.

“After analyzing the malware and its associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT due to a strong overlap with numerous previous Sandworm wiper activities we have studied,” ESET researchers stated. “We have no evidence of any successful disruption resulting from this attack.”

The Sandworm group is infamous for carrying out destructive attacks on behalf of the Kremlin against its adversaries. One significant incident occurred in Ukraine in December 2015, when an attack left approximately 230,000 people without power for six hours during a harsh winter. The hackers used general-purpose malware known as BlackEnergy to infiltrate power companies’ supervisory control and data acquisition systems, leveraging legitimate functionality to halt electricity distribution. This event marked the first known case of a blackout caused by malware.
