A technical analysis by ESET said the Russian nation state hacking group Sandworm deployed a previously undocumented wiper called DynoWiper in an unsuccessful cyber attack on Poland’s power system on December 29 and 30 2025. Targets included two combined heat and power plants and a system that manages electricity from wind and photovoltaic farms. No confirmed outages occurred.
KEY FACTS
- Incident Cyber attack on Poland power system
- Date December 29 and 30 2025
- Malware New wiper named DynoWiper
- Targets Two CHP plants and a renewable generation management system
The attacks occurred on December 29 and 30 2025 and targeted two combined heat and power plants and a system for managing electricity from wind and photovoltaic farms.
The report links DynoWiper to Sandworm through overlaps with prior wiper activity observed after Russia’s 2022 invasion of Ukraine. DynoWiper is described as a data wiper designed to erase files on infected systems.
Activity linked to the group in 2025 included deployment of multiple data wipers such as ZEROLOT and Sting against Ukrainian entities between June and September 2025. A previous disruptive campaign in 2015 used BlackEnergy and KillDisk to cause outages in parts of Ukraine.
The government is preparing extra safeguards and cybersecurity legislation to impose requirements on IT and OT risk management and incident response Prime Minister’s office.
WHY IT MATTERS
An attempted destructive attack against generation and grid management systems highlights persistent threats to energy sector operations. The incident underscores the need for strengthened operational technology and information technology protections.