Russian military intelligence was behind December’s cyber attack on Poland’s critical infrastructure

The December attempt to attack the Polish power grid using the destructive DynoWiper malware marks an escalation of digital confrontation in the region, directly affecting the stability of NATO's critical infrastructure. Although defense systems withstood the onslaught of the Sandworm group, this incident is a signal to business leaders that cybersecurity has now become a key parameter for operational continuity and security of supply.


The December attempt to paralyse the Polish electricity system, attributed by ESET analysts to the Russian group Sandworm, is a critical point of reference for utility leaders in Central Europe. Although Prime Minister Donald Tusk and the Ministry of Climate and Environment confirmed that the integrity of the grid was preserved, the operation exposes a new risk dynamic in the region.

According to experts at Slovakia-based ESET, the attackers used a tool called DynoWiper. This is wiper software whose sole purpose is to irretrievably destroy data on infected workstations, rendering control systems useless in practice. The technical overlap between its code and previous operations of Sandworm – a unit directly linked to the Russian military intelligence service GRU – leaves no illusions about the intentions: the aim was not to steal data, but to cause a physical blackout.

For executives, the temporal context is crucial. The attack came exactly on the tenth anniversary of the same group’s strike on Ukraine’s power grid, which went down in history as the first case of digital blackout. The fact that Poland – a key logistics hub for Ukraine – became the target of such an aggressive operation suggests that the critical infrastructure of NATO countries is no longer a ‘no-go zone’ for destructive cyber activities.

From a business perspective, the incident forces a revision of resilience strategies. The successful defence of the Polish system, described by Minister Milosz Motyka as the most serious test in years, proves that investments in network segmentation and advanced traffic analytics are yielding a real return. However, the emergence of DynoWiper signals that traditional backup systems may be insufficient if recovery processes are not fully isolated from the core operational infrastructure.
