In Brief

The Polish government said Russian government hackers broke into parts of the country’s energy grid infrastructure, taking advantage of its poor security.

On Friday, Poland’s Computer Emergency Response Team (CERT), which is part of the Ministry of Digital Affairs, released a technical report about an incident at the end of last year, where suspected Russian government hackers hacked wind and solar farms and a heat-and-power plant. According to the report, the hackers didn’t face a lot of resistance. The targeted systems used default usernames and passwords and did not have multi-factor authentication enabled, both incredibly basic mistakes. 

The hackers tried to infect the systems they broke into with wiper malware designed to erase and effectively destroy the systems, perhaps trying to turn off the power, although it’s unclear if that was their goal. Either way, the attacks were stopped at the heat-and-power plant, but not at the wind and solar farms, whose systems to monitor and control grid systems were made inoperable by the malware. 

“All of the attacks were purely destructive in nature — by analogy to the physical world, they can be compared to deliberate acts of arson,” read the report. 

The hackers failed to disrupt power at any of their targeted facilities. And even if they had succeeded, the report said that the hack “would not have affected the stability of the Polish power system during the period in question.”

Cybersecurity firms ESET and Dragos previously released reports about the attacks, which occurred on December 29 of last year, accusing the notorious Russian government hacking group Sandworm of being behind the intrusions. Sandworm has a documented history of targeting energy infrastructure in Ukraine and turning off the lights in the country in 2015, 2016, and 2022.

Poland’s CERT, however, accused a different Russian government hacking group, known as Berserk Bear or Dragonfly, which is not known for destructive attacks, but rather more traditional cyberespionage.