VERY IMPORTANT

ESET researchers provide technical details on a recent data destruction incident affecting a Polish energy company. They identified new data-wiping malware named DynoWiper, attributed to the Russia-aligned threat group Sandworm with medium confidence. The tactics, techniques, and procedures observed during the DynoWiper incident resemble those seen earlier in an incident involving the ZOV wiper in Ukraine. Sandworm has a history of destructive cyberattacks, targeting various entities including energy providers. The DynoWiper samples focus on the IT environment, with no observed functionality targeting OT industrial components. The attackers deployed additional tools and attempted to use a SOCKS5 proxy. The incident represents a rare case of a Russia-aligned threat actor deploying destructive malware against an energy company in Poland.