ESET Ties DynoWiper Grid Attack to Sandworm

ESET ties a DynoWiper attack on Poland’s power grid in December 2025 to Sandworm, a Russia-aligned advanced persistent threat group. Security researchers at the cybersecurity firm said the destructive malware targeted critical infrastructure, disrupting power systems in the region. ESET linked the activity to Sandworm based on malware forensics and operational tactics resembling past campaigns attributed to the group.

The investigation revealed that DynoWiper was deployed to erase key system data, likely aiming to impair operational technology functions within energy networks. Analysts noted that this type of wiper malware is consistent with previous incidents involving Sandworm, which has a history of targeting power grids to destabilize geopolitical adversaries.

The report adds to mounting concern among European nations over escalating cyber threats to critical infrastructure. ESET ties DynoWiper attack tactics to broader Russian interests, reinforcing the need for improved cyber defense in the energy sector.

ESET attributes DynoWiper-powered attack on Poland’s power grid to Russia-aligned Sandworm group