The coordinated attack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems.
Although the attacker compromised operational technology (OT) systems and damaged "key equipment beyond repair," they failed to disrupt power; the targeted sites total 1.2 GW, or 5% of Poland's energy supply.
Based on public reports, there are at least 12 confirmed affected sites. However, researchers at Dragos, an operational technology (OT) and industrial control systems (ICS) security company, say that the number is approximately 30.
Flaws and misconfigurations
Dragos researchers published more details about the attack and say that the absence of power outages does not make the incident less concerning; it should be seen as a warning about the vulnerability of decentralized energy systems.
"An attack on a power grid at any time is irresponsible, but to carry it out in the depths of winter is potentially lethal to the civilian population dependent on it," reads the Dragos report.
"It is unfortunate that those who attack these systems appear to deliberately choose timing that maximizes impact on civilian populations."
Dragos attributes the attack with moderate confidence to a Russian threat actor it tracks as Electrum, which, although it overlaps with Sandworm (APT44), the researchers underline is a distinct activity cluster.
ESET published a report a few days earlier about APT44, linking it to failed destructive attacks against Poland's power grid using malware called DynoWiper.
Dragos links Electrum to other wipers deployed against Ukrainian networks, including power-supply systems, such as CaddyWiper and Industroyer2, noting that the threat group's operations have recently expanded to more countries.