Russian intelligence behind December cyberattack on Polish energy infrastructure

Sandworm has previously targeted Ukraine's energy sector "to weaken the economy and demoralize the population"

By Remix News Staff

A cybersecurity firm has reportedly determined that hackers linked to the Russian government were behind a failed attack in December that attempted to cripple parts of Poland’s energy grid.

Sandworm operates as an APT (advanced persistent threat) unit of the GRU, Russia's military intelligence agency, and has previously disrupted power supplies, Portfolio writes.

Polish Energy Minister Milosz Motyka told reporters last week that during the cyberattack on Dec. 29 and 30, hackers targeted two thermal and power plants. They also attempted to disrupt communications between renewable energy sources, such as wind turbines, and power distribution systems.

The minister called the incident the most powerful attack on Poland’s energy infrastructure in recent years. The Polish government blamed Moscow for the attempt.

According to local media, the attack jeopardized the heating and power supply of up to half a million homes across the country as winter temperatures set in.

On Jan. 23, Motyka reposted an announcement from his party, the Polish People’s Party (PSL): “Poland’s infrastructure is prepared for acts of sabotage, and the services continuously monitor facilities to deter saboteurs. An example of professionalism was the operation at Okęcie Airport, where a person was apprehended with a device for jamming radio waves. Not all service operations make it to the media, but we are doing everything to reduce the risk of sabotage to zero. Passenger safety is the priority.”

Cybersecurity firm ESET said Friday it had obtained a copy of the devastating malware, dubbed DynoWiper. The so-called “wiper” malware is designed to irreversibly destroy data stored on computers and render affected systems inoperable.

ESET attributed the malware to Sandworm with medium certainty, saying the new software shows significant overlap with previous tools used by the group. Sandworm has previously targeted Ukraine’s energy sector using similar methods.

“The attackers deployed a wiper, which we analyzed and named DynoWiper. We’re not aware that any successful disruption occurred as a result of this attack,” ESET principal threat intelligence researcher Robert Lipovsky told InfoSecurity Magazine.

The attack on Poland came almost exactly a decade after Sandworm first attacked Ukraine’s energy infrastructure in 2015. That attack knocked out power to more than 230,000 homes around Kyiv, and a year later, another similar attack hit the Ukrainian energy system.

After this latest, unsuccessful attack, Polish Prime Minister Donald Tusk stated that the country’s cyber defenses worked properly and that critical infrastructure was not at risk for a single moment.

“The long-term goal of such attacks is to weaken the economy and demoralize the population,” InfoSecurity writes.

VIA:Portfolio