Advertisement
Cyber Crime

Russia's Escalation Targets Power Grids

UK and EU officials link the December 2025 attack on Poland's power grid to Russian state operatives, prompting new sanctions.

··2 hours ago·2 min read
a group of cubes that are on a black surface
Photo by Shubham Dhage on Unsplash
Advertisement

The recent formal attribution of a December 2025 cyberattack on Poland's power infrastructure represents a significant escalation in geopolitical tension. Security services from the UK and EU have identified the Russian Federal Security Service, specifically the Centre 16 division, as the party responsible for an operation that carried lethal potential.

Tactical Shifts in State Operations

The attempted disruption targeted communications between renewable energy hardware and grid operators. While the intrusion failed to plunge the country into darkness, investigators noted the use of DynoWiper malware. This destructive tool aligns with previous patterns observed in campaigns like the CaddyWiper attacks on Ukraine and the WhisperGate operations that occurred at the onset of the invasion.

Intelligence agencies emphasize that the attack risked leaving half a million people without electricity during the peak of winter. Despite requests for specific evidence regarding the attribution, the NCSC has declined to comment on sensitive operational intelligence.

Defending Against Known Tradecraft

The UK NCSC has released a technical advisory detailing how threat actors exploit network devices. Centre 16 frequently scans for devices relying on SNMPv1 or SNMPv2, which are susceptible to default or easily guessed community strings, a vulnerability the intelligence community previously highlighted in separate warnings about in April.

The NCSC, alongside our international partners, have repeatedly exposed the advanced tools and coordinated campaigns of Russian cyber actors who persistently seek to exploit any vulnerability they encounter.

— Jonathon Ellison, director of national resilience at the NCSC

Coordinated International Sanctions

In response, the UK and EU have rolled out 24 new sanctions targeting individuals and entities involved in hybrid operations. These include high-profile designations for GRU leadership and entities like IMPULS, which are reportedly involved in recruiting technical talent for state-sponsored cyber efforts. The measures also extend to operators of the Lumma Stealer, a credential-harvesting tool linked to at least 2,100 victims in the UK over a six-month period.

  • 2,100 victims of Lumma Stealer identified in the UK over six months
  • 3,400-plus individuals and entities sanctioned for war support
  • 24 new sanctions unveiled on Monday

Implications for Network Resilience

Organizations across critical sectors—including communications, energy, healthcare, and government—must prioritize the hardening of their network perimeters. Intelligence agencies explicitly advise moving to SNMPv3 to leverage authentication and encryption, while disabling Cisco Smart Install where possible. Beyond internal network security, operators should be aware of the increasing use of IP cameras for physical intelligence gathering, a trend recently documented by Dutch authorities monitoring military logistics routes. The shift suggests that state actors are integrating digital exploitation with physical infrastructure surveillance, making basic hygiene measures like updating firmware and changing default credentials vital for long-term security.

#poland#russia#security#infrastructure#sanctions

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement