La Era
Cybersecurity

Poland Blames Russian Intelligence for Destructive Cyberattacks on Energy Sector

Poland's Computer Emergency Response Team labeled late December 2025 cyberattacks against critical energy infrastructure as the most serious in years. Attacks targeted approximately 30 renewable energy sites and a major heating plant amid severe winter weather. Authorities suggest a unit within Russia's FSB, potentially 'Center 16,' executed the destructive intrusions.


Warsaw officially accused Russian intelligence structures of orchestrating a wave of cyberattacks against Poland's critical infrastructure in late December 2025, according to reports from the Polish Computer Emergency Response Team (CERT).

CERT characterized the incident as 'purely destructive' and compared it to deliberate arson, noting that the timing coincided with severe frost and blizzards that threatened heating supplies for nearly half a million residents. The scope of the attack included roughly 30 renewable energy facilities, an industrial plant, and a critical thermal power station.

Polish investigators attribute the intrusion to a hacking subdivision of Russia's Federal Security Service (FSB), specifically identifying the group tracked as 'Center 16,' which is also associated with known actors like Berserk Bear and Dragonfly. The primary objective reported was the complete erasure of data on the thermal power station's internal systems, though defensive mechanisms reportedly prevented the final stage of the attack.

Geopolitically, the targeting of essential services during extreme weather raises concerns about state-sponsored actors testing resilience thresholds in NATO-aligned economies. Russia consistently denies involvement in European cyber incidents, and the Russian embassy reportedly declined to comment on the specific allegations.

However, an alternative analysis from Slovakian cybersecurity firm ESET suggests the involvement of Sandworm, a different Russian group often linked to the GRU military intelligence service. ESET researchers noted malware similarities linking the observed activity to prior destructive campaigns attributed to Moscow.

This incident underscores the escalating sophistication of state-sponsored cyber warfare targeting economic stability, particularly concerning energy supply chains during vulnerable periods. The possibility remains that multiple Russian-linked groups collaborated on the complex operation, according to ESET's findings.

Recent global intelligence reports have highlighted increased activity from state-backed actors, including Chinese penetration of UK official communications and the use of AI tools by Chinese-linked groups like Mustang Panda against US organizations.
