According to the ESET Research analysis, the hacker group Sandworm, connected to Russia, was behind the cyber attack on the Polish energy network from the end of 2025. The attack was one of the biggest incidents of this kind in Poland in recent years. State Secretary of the Ministry of Energy Wojciech Wrochna announced at a press conference on Monday that the authorities have detailed information about the attack, reports the Warsaw correspondent TASR.
- The Sandworm group was behind the cyber attack on the Polish power grid.
- The incident was one of the largest of its kind in Poland in recent years.
- The attack used destructive data erasure malware, likely Russian in origin.
- The Polish authorities have analyzed the incident in detail and are closely cooperating with the security forces.
- The attack did not cause power outages, it was repelled without major consequences.
ESET stated in its report that the attack was carried out using destructive malware designed to delete data. The company rated the attribution of the attack to the Sandworm group as moderately certain, based on conformity of the used techniques with the previous operations of this group. Sandworm has long been associated with attacks on critical infrastructure, especially in Ukraine.
The State Secretary of the Ministry of Energy of Poland, Wojciech Wrochna, responded to the possible origin of the attack from Russia at a press conference on Monday. He said that both the department and the operators of the energy infrastructure are closely cooperating with the components responsible for cyber security and with the intelligence services, which have detailed analyzes of the incident at their disposal.
“We can say with high probability that the attacks were coming from the east,” said Wrochna, referring to the official statement after the government meeting, but added that Poland does not have 100 percent confirmation of the origin of the attack. He considers the available reports of the security agencies to be professional and detailed, he has not yet read the ESET report.
According to ESET Research, the coordinated attack took place in the last week of December – symbolically ten years after the first known cyber attack on the Ukrainian electricity grid in 2015, which Sandworm organized and which at the time deprived approximately 230,000 people of electricity. According to the latest findings, the group continued similar activities in 2025, especially against targets in Ukraine. The attack on the Polish energy infrastructure was repelled and did not cause power outages.
