Listen to the article
Poland Faces Unprecedented Surge in Cyberattacks, Energy Sector Targeted
Poland has experienced an alarming 2½-fold increase in cyberattacks in 2025 compared to the previous year, with the country battling an escalating 270,000 attacks over the past 12 months, Deputy Minister of Digital Affairs Paweł Olszewski revealed on Tuesday.
“We’ve been waging a war in cyberspace for many years now,” Olszewski stated. “The number of incidents and attacks has been increasing significantly and radically year after year.”
Among these attacks was a particularly concerning destructive infiltration of Poland’s energy system in December, believed to be unprecedented among NATO and European Union members. The attack, which Polish authorities suspect originated from Russia, has heightened security concerns across the region.
The Polish government, under Prime Minister Donald Tusk, has significantly strengthened its cyber defenses since Russia’s full-scale invasion of Ukraine began on February 24, 2022, responding to what officials perceive as a growing threat from Moscow.
The December 29 attack targeted a combined heat and power plant that supplies nearly 500,000 customers, as well as multiple wind and solar farms across Poland. While the electricity supply remained uninterrupted, the sophisticated nature of the sabotage alarmed Polish authorities to such an extent that CERT Polska (Computer Emergency Response Team Poland) took the unusual step of publishing a detailed technical report in late January, seeking input from the global cybersecurity community.
“The attack was a significant escalation,” CERT head Marcin Dudek told The Associated Press. “We’ve had such incidents in the past, but they were of the ransomware type, where the motivation of the attacker is financial. In this case, there was no financial motivation — the motivation was just destruction.”
Dudek emphasized that Poland has witnessed only a few destructive incidents previously, none targeting the energy sector. He noted that he was not aware of any other destructive cyberattacks on the energy infrastructure in either NATO or EU countries. While espionage incidents and activist groups have caused marginal damage in the past, “advanced attacks” like the December one in Poland likely represent an unprecedented escalation.
The impact could have been far more severe had the attack targeted larger energy units, potentially compromising the stability of Poland’s entire energy grid, according to Dudek.
Polish intelligence services have not yet publicly identified the perpetrator, but technical analysis points to Russian involvement. CERT’s analysis examined the internet infrastructure used in the attack, including domains and IP addresses, and found they had previously been utilized by a Russian threat actor known as “Dragonfly” (also called “Static Tundra” or “Berserk Bear”).
“Dragonfly has been known to target the energy sector, but so far not with a destructive attack,” Dudek explained.
According to an FBI alert issued in August 2025, Dragonfly is associated with FSB Center 16, a key unit within Russia’s Federal Security Service.
Independent cybersecurity experts corroborate the assessment of Russian involvement. ESET, one of the European Union’s largest cybersecurity companies, analyzed the malware used in the attack and concluded the likely culprit was “Sandworm,” another Russian-linked actor previously associated with destructive attacks in Ukraine. The U.S. government has previously attributed Sandworm’s activities to Russia’s GRU, the Main Intelligence Directorate of the General Staff of the Armed Forces.
Anton Cherepanov, senior malware researcher at ESET, told The Associated Press that “the use of data-wiping malware and its deployment” in the Polish case “are both techniques commonly employed by Sandworm.”
“We are not aware of any other recently active threat actors that have used data-wiping malware in their operations against targets in European Union countries,” Cherepanov added.
Whether the attack was executed by Dragonfly or Sandworm, both are groups previously linked to Russian intelligence services. “Whether it’s these Russians or those Russians is a detail,” Cherepanov noted.
The Russian Embassy in Warsaw did not respond to requests for comment on the allegations.
This escalation comes amid growing concerns about critical infrastructure vulnerability across Europe, with energy systems becoming increasingly targeted as geopolitical tensions rise. The sophisticated nature of this attack suggests a concerning evolution in cyber warfare tactics that could have profound implications for national security across NATO and EU member states.
Fact Checker
Verify the accuracy of this article using The Disinformation Commission analysis and real-time sources.
16 Comments
The sharp rise in cyberattacks on Poland is alarming. Securing energy and other vital infrastructure should be a top national security priority. Curious to see what measures the government takes to bolster its cyber defenses.
Good point. Protecting the energy sector is crucial, as a successful attack could have widespread and devastating consequences. Poland will need to invest heavily in advanced cybersecurity capabilities.
The sharp rise in cyberattacks on Poland, particularly the assault on the energy sector, is a troubling development. Securing critical infrastructure against these threats should be a top national security priority. I’m curious to learn more about the government’s plan to bolster its cyber defenses.
Absolutely. Protecting the energy sector is especially crucial, as a successful attack could have widespread and devastating consequences for the public. Poland will need to work closely with allies and the private sector to enhance its cyber resilience.
This is a concerning trend that highlights the growing vulnerability of critical infrastructure to cyberattacks. Poland will need to stay vigilant and invest heavily in its cybersecurity capabilities to protect its energy and other vital systems.
Absolutely. Cyberattacks targeting energy and other critical sectors can have severe consequences for the public. Poland must take a proactive and comprehensive approach to strengthen its cyber resilience.
This is a concerning development, especially the attack on the energy system. Cyberattacks can have devastating real-world consequences, so Poland will need to invest heavily in cybersecurity to protect its critical infrastructure.
Absolutely. As geopolitical tensions rise, the threat of state-sponsored cyberattacks also increases. Poland must work closely with allies to share intelligence and coordinate defenses.
Worrying to see cyber threats escalating in Poland, especially targeting critical energy infrastructure. Robust cyber defense should be a top priority for all countries facing these growing risks.
Agreed. The attack on the combined heat and power plant sounds particularly concerning. Poland will need to stay vigilant and strengthen its cyber resilience to mitigate such threats.
Increasingly, cybersecurity is becoming a matter of national security. The attack on Poland’s energy system is a stark reminder that all countries must be prepared to defend against these threats. Curious to learn more about the government’s response.
Agreed. Cyberattacks can have real-world physical impacts, as this incident demonstrates. Poland will need to work closely with allies and the private sector to bolster its defenses.
The surge in cyberattacks on Poland, including the assault on the energy sector, is a worrying development. Securing critical infrastructure against these threats should be a top priority for the government. Curious to see what specific measures they take to enhance their cyber defenses.
Well said. Protecting the energy sector is especially crucial, as a successful attack could have widespread and devastating impacts on the public. Poland will need to work closely with experts and allies to bolster its cybersecurity capabilities.
Cyberattacks on critical infrastructure like the energy sector can have severe consequences. It’s concerning to see Poland facing such a significant increase in these threats. Strengthening cyber defenses should be a key focus for the government to protect the country and its citizens.
Agreed. The attack on the combined heat and power plant highlights the real-world impact that cyberattacks can have. Poland will need to take a comprehensive, multilayered approach to enhance its cybersecurity and resilience.