ATLA WIRE

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

25.01.2026
ESET links Russia-backed Sandworm to a failed December 2025 cyberattack using DynoWiper malware against Poland's power and renewable energy systems.

Russia's Sandworm Crew Tried to Wipe Poland's Power Grid — And Failed

ESET just dropped the tea: Russia's infamous Sandworm APT tried to nuke Poland's power sector in December 2025 with a brand-new wiper malware called DynoWiper. The attack targeted critical infrastructure and renewable energy systems — but got shut down before it could cause real damage. Talk about a cyber fail.
Sandworm (aka APT44, aka Unit 74455 of Russia's GRU) has been Russia's go-to digital wrecking crew for years. These are the same clowns behind NotPetya, the 2015 Ukraine blackout, and the 2017 French election meddling. Now they're targeting Poland's energy infrastructure with next-gen wiper tech.
DynoWiper is the malware that almost did the deed. It's designed to permanently destroy data and disrupt industrial control systems (ICS) — basically digital arson for power grids. The attack was aimed at both traditional power plants and renewable energy installations, showing Sandworm's playing the long game against Europe's energy transition.
Polish cybersecurity teams detected and neutralized the attack before it could execute its destructive payload. No power outages or physical damage occurred — but this is a major warning shot. Sandworm's evolving their toolkit, and critical infrastructure remains in the crosshairs.
The timing is sus: December 2025 puts this right in the middle of ongoing geopolitical tensions between NATO and Russia. Sandworm's modus operandi has always been hybrid warfare — blending cyber attacks with physical disruption to destabilize targets.
  • Sandworm = Russia's GRU Unit 74455 (APT44)
  • Attack occurred December 2025
  • Target: Poland's power sector + renewable energy
  • Malware: New DynoWiper wiper
  • Result: Failed — detected and stopped before execution
  • Previous ops: NotPetya, Ukraine blackouts, French election interference
Bottom line: Russia's cyber warfare units are still actively targeting critical infrastructure in NATO countries. DynoWiper represents an escalation in their destructive capabilities — even if this particular attack failed. Energy companies and governments need to level up their ICS security yesterday.