WARSAW, Poland -- Poland experienced 2½ times much cyberattacks successful 2025 compared to the erstwhile year, and the numbers are perpetually rising, a authorities authoritative said Tuesday.
In December, the state faced a destructive onslaught connected its vigor strategy believed to beryllium unprecedented among NATO and European Union members, and suspected of originating successful Russia.
Over the past year, Poland was the people of 270,000 cyberattacks, Deputy Minister of Digital Affairs Paweł Olszewski said connected Tuesday.
“We've been waging a warfare successful cyberspace for galore years now,” the authoritative said. “The fig of incidents and attacks has been expanding importantly and radically twelvemonth aft year.”
The government, present led by Prime Minister Donald Tusk, has beefed up its cyber defences since the commencement of Russia's full-scale penetration of Ukraine connected Feb. 24, 2022, successful effect to what it believes to beryllium a rising menace from Russia.
During the greeting and day of Dec. 29, coordinated cyberattacks deed a combined vigor and power, oregon CHP, works supplying vigor to astir 500,000 customers, arsenic good arsenic aggregate upwind and star farms successful Poland.
Polish authorities said that the actions were apt performed “by the aforesaid menace actor,” with aggregate experts pointing to malicious actors linked to Russian concealed services.
The energy proviso wasn't disrupted, but the quality of the sabotage onslaught alarmed Polish authorities truthful overmuch truthful that they enactment retired a study detailing the method details of the incidental and asking the cyber assemblage to spot successful with immoderate observations astir what happened.
“The onslaught was a important escalation,” Marcin Dudek, caput of CERT Polska, oregon Computer Emergency Response Team Poland, told The Associated Press. The squad is liable for responding to machine information incidents operating wrong the authorities probe institute NASK.
It was Dudek’s squad that prepared the governmental report.
“We’ve had specified incidents successful the past, but they were of the ransomware type, wherever the information of the attacker is financial," Dudek said. “In this case, determination was nary fiscal information — the information was conscionable destruction.”
He said that Poland has seen fewer destructive incidents successful the past and nary of them were successful the vigor sector.
Dudek said that helium wasn't alert of immoderate different destructive cyberattacks connected the vigor assemblage successful either NATO oregon EU countries. There person been galore espionage incidents arsenic good arsenic situations successful which activistic groups managed to origin marginal harm to devices, but “advanced attacks” similar the December 1 successful Poland are apt unprecedented, helium said.
If the standard of the onslaught was bigger and larger vigor units were targeted, an enactment similar this “could interaction the stableness of the Polish grid system,” Dudek said.
The Polish concealed services haven't yet publically identified an alleged culprit. Dudek’s squad lone has the prerogatives to picture the modus operandi and constituent to a apt “threat actor” responsible. In cyber jargon, a menace histrion is an idiosyncratic oregon radical engaging successful malicious activity.
According to the CERT analysis, the infrastructure utilized for the Polish attack, including domains and net protocol, oregon IP, addresses — a numeric designation that identifies its determination connected the net — had been utilized earlier by a Russian menace histrion known by the sanction “Dragonfly,” besides called “Static Tundra” oregon “Berserk Bear.”
Dudek says Dragonfly is known to person engaged successful espionage cyber actions against the vigor sector, but truthful acold it hasn’t been associated with a destructive one.
According to an alert issued by FBI successful August 2025, Dragonfly is simply a cybersecurity clump associated with FSB Center 16 unit, a cardinal portion wrong Russia’s Federal Security Service liable for signals intelligence, physics espionage and cyber operations.
“For implicit a decade, this portion has compromised networking devices globally,” the FBI wrote.
Experts unrelated to Polish authorities hold that the traces pb backmost to Russia.
ESET, 1 of the largest cybersecurity companies successful the EU, was alerted erstwhile the onslaught happened due to the fact that 1 of the Polish companies affected had purchased its cyber solutions. After analyzing the malware utilized successful the attack, ESET experts concluded that the menace histrion progressive was apt Sandworm.
The radical says it recognized patters it had seen earlier successful much than 10 incidents, including destructive malware, astir happening successful Ukraine, which it had investigated before.
The U.S. authorities has successful the past attributed Sandworm to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation, oregon GRU.
Anton Cherepanov, elder malware researcher astatine ESET, told The Associated Press that “the usage of data-wiping malware and its deployment” successful the Polish lawsuit “are some techniques commonly employed by Sandworm.”
The menace histrion often targets vigor companies, helium said. This circumstantial benignant of destructive attack, however, was lone emblematic successful Ukraine recently.
“We are not alert of immoderate different precocious progressive menace actors that person utilized data-wiping malware successful their operations against targets successful European Union countries,” Cherepanov added.
CERT, the assemblage affiliated with the Polish government, is little definite astir Sandworm.
“CERT Polska cannot conclusively find whether the histrion down the ‘Sandworm’ enactment clump participated successful the onslaught to immoderate extent,” it wrote successful its report.
Whether Dragonfly oregon Sandworm, nary of the experts contradict the menace histrion apt progressive is 1 Western services antecedently affiliated with Russia.
“Whether it’s these Russians oregon those Russians is simply a detail,” Cherepanov said.
The Russian Embassy successful Warsaw didn't respond to requests for comment.
English (CA) · 
English (US) · 
Spanish (MX) ·