VERY IMPORTANT

In late 2025, Poland's energy system was targeted by a major cyberattack, now attributed to the Russia-aligned APT group Sandworm by ESET Research. The attack involved data-wiping malware named DynoWiper, detected as Win32/KillFiles.NMO. While the full impact is still under investigation, researchers noted the attack's timing coincided with the 10th anniversary of Sandworm's 2015 attack on Ukraine's power grid. Sandworm continues to target critical infrastructure, particularly in Ukraine, with regular wiper attacks. The group's history of disruptive cyberattacks and the similarities in tactics, techniques, and procedures led to a medium-confidence attribution of this latest incident to Sandworm.