Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
PureLog Stealer Uses Blogspot and PowerShell to Deliver Malware
July 3, 2026
FBI Warns TeamPCP Hackers Exploit Developer Tools in Supply Chain Attacks
July 3, 2026
SharkLoader Malware Uses Fake Cisco AnyConnect, Google Updates
July 3, 2026
Home/Threats/Sandworm APT Group Targeting Poland’s Power Grid with DynoWiper Malware
Threats

Sandworm APT Group Targeting Poland’s Power Grid with DynoWiper Malware

An alarming cyberattack targeted Poland’s energy infrastructure in late December 2025, an incident security experts are calling the country’s largest in years. The Russian-aligned Sandworm group,...

Sarah simpson
Sarah simpson
January 26, 2026 2 Min Read
31 0

An alarming cyberattack targeted Poland’s energy infrastructure in late December 2025, an incident security experts are calling the country’s largest in years.

The Russian-aligned Sandworm group, known for orchestrating some of the most damaging attacks on critical infrastructure, emerged as the culprit behind this coordinated assault.

The group deployed a previously undocumented data-wiping malware payload that has since been named DynoWiper, marking another chapter in Sandworm’s long history of aggressive operations.

This attack represents a significant escalation in regional tensions, arriving precisely on the tenth anniversary of Sandworm’s devastating 2015 assault on Ukraine’s power grid—an operation that caused the first-ever malware-driven blackout, leaving approximately 230,000 people without electricity.

The timing suggests a deliberate strategic choice by threat actors intent on demonstrating their capabilities during a symbolically charged moment. Poland’s electrical systems faced genuine operational risk as the malware spread through the infrastructure.

Welivesecurity analysts and ESET researchers identified DynoWiper during their detailed forensic analysis of the attack’s technical components.

The researchers assigned it the detection signature Win32/KillFiles.NMO within their security solutions, confirming its role as the primary destructive payload.

These findings came through comprehensive investigation of the malware’s code structure and its connection to established Sandworm operational techniques.

DynoWiper’s Destructive Capabilities and Operational Impact

DynoWiper operates as a file-destruction tool engineered to overwrite and eliminate critical data on infected systems.

The malware’s design reflects Sandworm’s signature methodology of employing wiper functionality to cause maximum disruption to targeted networks.

Unlike traditional malware that aims for persistence or information theft, DynoWiper prioritizes rapid destruction, removing evidence while simultaneously crippling operational capabilities.

Its implementation reveals sophisticated understanding of Windows systems and the specific vulnerabilities present within power infrastructure networks.

The attack’s technical assessment showed that while Sandworm achieved successful system penetration and malware deployment, the incident resulted in no confirmed operational disruptions to Polish energy distribution.

This finding suggests either defensive measures successfully contained the spread or the attackers faced unexpected resistance during execution phases.

Nonetheless, the ability to deploy active wiper malware within critical national infrastructure represents a serious breach and underscores growing vulnerabilities in European power systems.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachMalwareSecurityThreat

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

New Phishing Attack Leverages Vercel Hosting Platform to Deliver a Remote Access Tool

Next Post

New Instagram Vulnerability Exposes Private Instagram Posts to Anyone

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical WatchGuard Firebox OS Flaws Let Attackers Execute Code
July 3, 2026
Critical Microsoft Exchange SSRF Vulnerability Gets Public PoC Exploit
July 3, 2026
North Korean Hackers Conceal JavaScript Loaders in Open Source Repos
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us