Poland’s Renewable Energy Sector Faces Widespread Cyber Intrusions

Poland endured a wave of coordinated cyber attacks that struck at the heart of its energy infrastructure.

In the morning and afternoon hours, hackers targeted more than 30 wind and photovoltaic farms, a major combined heat and power (CHP) plant serving nearly half a million customers, and a private manufacturing company.

These assaults aimed purely at destruction, akin to digital arson, hitting during brutal low temperatures and snowstorms just before New Year’s.

While they severed communications and remote controls, the attacks failed to halt electricity production or heat supply, sparing end-users from immediate harm.

The incidents marked a rare hybrid assault on both IT networks and physical industrial devices, escalating beyond typical cyber espionage.

Security researchers have released a detailed report outlining the attack sequence and tactics, urging greater vigilance against sabotage in critical sectors.

This event underscores the growing threat to renewable energy grids, where automation devices form vulnerable hubs.

Assault On Renewable Energy Farms

The primary targets were power substations: key grid connection points that funnel energy from wind turbines and solar panels into Poland’s distribution system.

These sites host critical industrial gear, including remote terminal units (RTUs) for telecontrol and monitoring, human-machine interfaces (HMIs) for status visualization, protection relays to guard against electrical faults, and communication tools like serial port servers, modems, routers, and switches.

Hackers first infiltrated the internal networks of these substations. They conducted thorough reconnaissance to map devices, then devised a destructive blueprint: corrupting controller firmware, wiping system files, and deploying custom wiper malware.

This semi-automated sabotage plan activated on the morning of December 29. Damaged RTUs crippled communication with the distribution system operator (DSO), blocking remote oversight and control.

Yet, local energy generation persisted uninterrupted, as the attacks spared core production processes.

This precision targeting highlights the attackers’ deep knowledge of operational technology (OT), blending IT exploits with physical-layer disruption, a tactic seldom seen in prior incidents.

Strike On CHP Plant and Manufacturing Firm

According to CERT, the CHP plant faced a stealthier threat. After months of infiltration, attackers stole sensitive operational data and seized privileged accounts, enabling lateral movement across the network.

Their goal: unleash wiper malware to erase data irreversibly on internal devices, sabotaging heat production. Endpoint detection and response (EDR) software intervened, halting the payload before it spread.

On the same day, a manufacturing company suffered a parallel hit. Though opportunistic and unrelated to energy goals, it synced timing with the main assaults and used identical wiper malware.

Technical analysis reveals the malware’s sophistication, designed for mass file deletion and system paralysis.

Malware characteristics (details):
Type: Wiper (destructive payload)
Deployment method: Privileged account execution post-infiltration
Effects: Firmware corruption, file deletion, network isolation
Defenses observed: Blocked by EDR at CHP plant

Infrastructure clues (compromised VPS servers, routers, traffic flows, and anonymization chains) link the attacks to the notorious threat cluster dubbed “Static Tundra” (Cisco), “Berserk Bear” (CrowdStrike), “Ghost Blizzard” (Microsoft), and “Dragonfly” (Symantec).

This group has long fixated on energy sectors, boasting tools for OT disruption. Notably, this marks their first publicly documented destructive operation, shifting from espionage to outright sabotage.

Poland’s response included rapid isolation of affected systems and forensic probes. No group has claimed responsibility, but the timing amid geopolitical tensions raises alarms.

Experts warn of copycat risks to Europe’s green energy push, where legacy OT devices often lack modern defenses.

Operators should prioritize network segmentation, EDR in OT environments, and firmware integrity checks.

This incident signals a new era of cyber-physical warfare, demanding resilient defenses for vital infrastructure.


The post Poland’s Renewable Energy Sector Faces Widespread Cyber Intrusions appeared first on Cyber Security News.
