Quick Takeaways
- Cyberattack incidents in Poland rose 2.5-fold in 2025 and included a major, unprecedented attack on the energy sector that is suspected of being linked to Russia.
- A coordinated cyberattack in December targeted key energy infrastructure, causing destruction without disrupting power, marking a significant escalation in cyber warfare.
- Technical analysis links the attack to Russian threat groups “Dragonfly” and “Sandworm,” both associated with destructive operations and cyber espionage.
- Authorities warn that such advanced, destructive cyberattacks on energy systems are rare in NATO/EU countries, signaling a growing threat from Russian cyber actors.
WARSAW, Poland (AP) — Poland experienced 2½ times more cyberattacks in 2025 compared to the previous year, and the numbers are constantly rising, a government official said Tuesday.
The attacks included a destructive infiltration of the country’s energy system in December that was believed to be unprecedented among NATO and European Union members, and was suspected of originating in Russia.
Over the last year, Poland was the target of 270,000 cyberattacks, Deputy Minister of Digital Affairs Paweł Olszewski said Tuesday.
“We’ve been waging a war in cyberspace for many years now,” the official said. “The number of incidents and attacks has been increasing significantly and radically year after year.”
The government, led by Prime Minister Donald Tusk, has beefed up its cyber defenses since the start of Russia’s full-scale invasion of Ukraine on Feb. 24, 2022, in response to what it believes to be a rising threat from Russia.
Energy system attack
During the morning and afternoon of Dec. 29, coordinated cyberattacks hit a combined heat and power plant supplying heat to almost 500,000 customers, as well as multiple wind and solar farms in Poland.
Polish authorities suspected the cyberattacks were done by a single “threat actor,” with multiple experts pointing to culprits linked to Russian secret services.
The electricity supply wasn’t disrupted, but the nature of the sabotage alarmed Polish authorities so much that the agency CERT Polska, or Computer Emergency Response Team Poland, issued a public report in late January on technical details of the incident and asked the cyber community for any input on what happened.
“The attack was a significant escalation,” CERT head Marcin Dudek told The Associated Press.
“We’ve had such incidents in the past, but they were of the ransomware type, where the motivation of the attacker is financial,” Dudek said. “In this case, there was no financial motivation — the motivation was just destruction.”
He said that Poland has seen only a few destructive incidents in the past and none of them were in the energy sector.
Dudek said that he wasn’t aware of any other destructive cyberattacks on the energy sector in either NATO or EU countries. There have been espionage incidents and activist groups causing marginal damage, but “advanced attacks” like the December one in Poland are likely unprecedented, he said.
Had it targeted even larger energy units, it could have substantially impacted the stability of Poland’s energy grid, Dudek said.
The Polish secret services haven’t yet publicly identified an alleged culprit.
Dudek’s team is authorized only to describe the modus operandi and point to a likely “threat actor” — cyber jargon for an individual or group engaging in malicious activity.
Dragonfly or Sandworm
The CERT analysis looked at the Internet infrastructure used in the Polish attack, including domains and IP addresses, and found that they had been used previously by a Russian threat actor known as “Dragonfly,” and also called “Static Tundra” or “Berserk Bear.”
Dudek said Dragonfly has been known to target the energy sector, but so far not with a destructive attack.
According to an alert issued by the FBI in the United States in August 2025, Dragonfly is a cybersecurity cluster associated with FSB Center 16, a key unit within Russia’s Federal Security Service.
Experts unrelated to Polish authorities agree that the traces of the December attack lead back to Russia.
ESET, one of the largest cybersecurity companies in the EU, analyzed the malware used in the attack and concluded the culprit likely was “Sandworm,” another possible Russian actor previously associated with destructive attacks in Ukraine.
The U.S. government has in the past attributed Sandworm to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation, or GRU.
Anton Cherepanov, senior malware researcher at ESET, told The Associated Press that “the use of data-wiping malware and its deployment” in the Polish case “are both techniques commonly employed by Sandworm.”
“We are not aware of any other recently active threat actors that have used data-wiping malware in their operations against targets in European Union countries,” Cherepanov added.
Whether Dragonfly or Sandworm, it would be an actor previously affiliated with Russia. “Whether it’s these Russians or those Russians is a detail,” Cherepanov said.
The Russian Embassy in Warsaw didn’t respond to requests for comment.
