Russian Hackers Exploit Security Flaws to Breach Polish Energy Grid

02.02.2026

The Polish government has disclosed a significant cybersecurity breach involving Russian government hackers infiltrating parts of the country's energy grid infrastructure. This incident highlights critical vulnerabilities and underscores the necessity for robust security measures.

According to a technical report released by Poland's Computer Emergency Response Team (CERT), a division of the Ministry of Digital Affairs, the breach occurred at the end of last year. The hackers targeted wind and solar farms, as well as a heat-and-power plant, exploiting weak security protocols. The report indicates that the compromised systems used default usernames and passwords and lacked multi-factor authentication, representing fundamental security oversights.

The attackers attempted to deploy wiper malware to erase and effectively destroy the systems, potentially aiming to disrupt power supply. Although their efforts were thwarted at the heat-and-power plant, the wind and solar farms' systems were rendered inoperable. The report describes the attacks as purely destructive, likening them to deliberate acts of arson.

Despite the hackers' attempts, the breach did not compromise the stability of the Polish power system. Cybersecurity firms ESET and Dragos have also documented the attacks, attributing them to the infamous Russian hacking group Sandworm, known for targeting energy infrastructure in Ukraine. However, Poland's CERT has accused a different group, Berserk Bear or Dragonfly, known more for cyberespionage than destructive attacks.

For further reading, you can access the technical reports from CERT Poland, ESET, and Dragos.