On Friday, researchers reported that Poland’s power grid was hit by wiper malware, probably deployed by Russian state-backed hackers, in an effort to interfere with electricity delivery operations.
A cyberattack, Reuters reported, took place in the final week of December. The outlet said it sought to sever communications between renewable facilities and power distribution operators but did not succeed for unspecified reasons.
Wipers R Us
On Friday, security company ESET said the culprit was a wiper — malware that irreversibly deletes code and data on servers to obliterate operations. After analyzing the tactics, techniques, and procedures (TTPs) employed in the intrusion, the firm’s researchers concluded the wiper was likely deployed by the Russian state-linked hacker group tracked as Sandworm.
“After analyzing the malware and linked TTPs, we assign the intrusion to the Russia-aligned Sandworm APT with medium confidence because of significant overlap with past Sandworm wiper operations we examined,” ESET researchers said. “We are not aware of any successful disruption resulting from this incident.”
Sandworm has a lengthy record of destructive operations carried out for the Kremlin against its opponents. Its most infamous attack struck Ukraine in December 2015, leaving roughly 230,000 people without power for about six hours during one of the coldest months. The attackers used general-purpose BlackEnergy malware to breach power companies’ supervisory control and data acquisition systems, then abused valid functionality to halt electricity distribution. That incident was the first recorded malware-driven blackout.
