Winter of Resilience: How Poland’s Defenses Thwarted the “DynoWiper” Assault on Its Energy Grid

In late December 2025, the Polish power grid was besieged by a formidable cyberattack. This incursion, transpiring during the final days of the year, has been characterized by authorities as the most significant assault on the nation’s energy infrastructure in recent memory. Despite the gravity of the attempt, the offensive proved abortive, failing to precipitate any disruptions in the electricity supply.

The Polish Minister of Energy, Miłosh Motyka, disclosed that cyber defense commands intercepted the most potent strike against energy facilities witnessed in a considerable duration. Subsequent forensics by the security firm ESET illuminated the particulars of the event. Researchers identified the employment of a nascent wiper malware, provisionally christened DynoWiper. This genus of malicious software is engineered not for the surreptitious exfiltration of data, but for the wholesale destruction of information and the systemic paralysis of operational technology.

ESET further clarified that this malware was mobilized in an attempt to destabilize the Polish energy sector on December 29, 2025; however, no evidence of successful systemic devastation was manifest. According to government briefings, the primary targets on December 29 and 30 were two combined heat and power (CHP) stations, alongside the management systems governing renewable energy generation, including wind turbines and solar farms.

Prime Minister Donald Tusk announced that the administration is proactively formulating enhanced defensive protocols, including a landmark Cybersecurity Act. This legislation is poised to mandate rigorous standards for risk management, the fortification of both IT and OT (Operational Technology) systems, and formalized incident response procedures for critical infrastructure.

Notably, in June 2025, analysts from Cisco Talos had documented an assault on a critical infrastructure facility utilizing a previously unknown wiper dubbed PathWiper, which shared functional commonalities with HermeticWiper. Throughout that same year, the adversarial collective deployed the ZEROLOT and Sting malware strains. Between June and September 2025, a litany of similar malicious tools was observed targeting entities within the governmental, energy, logistics, and agricultural sectors, underscoring a persistent and escalating threat landscape.