New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
These articles are AI-generated summaries. Please check the original sources for full details.
Russia-backed Sandworm hackers attempted a large-scale cyberattack against Poland’s power grid in December 2025, deploying a new wiper malware called DynoWiper. The attack, targeting CHP plants and renewable energy systems, was ultimately unsuccessful, according to Polish officials.
Why This Matters
Critical infrastructure is increasingly vulnerable to nation-state actors, and “security through obscurity” consistently fails against determined adversaries. While the Polish attack was thwarted, successful attacks on energy infrastructure can cause widespread disruption, as demonstrated by the 2015 Ukrainian power grid attack, which left 230,000 people without power for up to six hours. The cost of recovery from such attacks extends beyond immediate outages to include long-term economic and reputational damage.
Key Insights
- December 2015: Sandworm’s BlackEnergy malware caused a power outage in Ukraine, affecting 230,000 people.
- Wiper Malware Evolution: DynoWiper joins a lineage of Sandworm-linked wipers including KillDisk, HermeticWiper, ZEROLOT, and Sting, demonstrating a consistent tactic of data destruction.
- OT/IT Convergence: The attack targeted both IT and Operational Technology (OT) systems, highlighting the increasing interconnectedness and vulnerability of critical infrastructure.
Practical Applications
- Use Case: The Polish energy sector experienced a targeted attack, prompting increased cybersecurity safeguards and legislation.
- Pitfall: Relying solely on perimeter defenses; Sandworm’s persistence demonstrates the need for robust internal detection and response capabilities.