Poland’s Power Grid Cyberattack: Perpetrators Identified

In late December 2025, Poland faced a significant cyberattack targeting its power grid infrastructure. The attack involved a coordinated effort likely orchestrated by the Russian hacking group Electrum, according to investigations led by the American cybersecurity company Dragos.

Details of the Cyberattack

On December 29, 2025, cybercriminals targeted communication and control systems of the energy networks across Poland. Specific focus areas included combined heat and power plants and systems managing energy from renewable sources, such as wind and solar farms.

  • Incident Date: December 29, 2025
  • Perpetrators: Russian hacking group Electrum
  • Targeted Systems:
    • Energy communication systems
    • Control systems for energy distribution
    • Renewable energy sources management

Although the attack caused no power outages, the hackers gained access to critical operational systems. In several cases, they permanently damaged key equipment at the targeted facilities, necessitating physical replacements. Prime Minister Donald Tusk confirmed in January 2026 that the attack was thwarted and that the transmission system remained secure. However, experts warned it exposed vulnerabilities in smaller facilities within the network.

Significance of the Attack

This incident marks the first major coordinated cyberattack aimed at decentralized energy resources on such a scale. Unlike previous attacks on Ukraine’s centralized systems in 2015 and 2016, this assault struck at the “edge of the grid,” hitting numerous smaller installations with generally lower cybersecurity measures.

  • Power Capacity Impacted: Approximately 1.2 GW from the attacked sites
  • Potential Risks: Loss of connectivity and control over generating networks could lead to cascading failures.

Experts indicated that this event should serve as a wake-up call for countries like Poland that are undergoing an energy transformation and increasingly rely on renewable energy sources. The attack highlights the critical need for enhanced cybersecurity measures to protect these decentralized resources.

Broader Implications

The ongoing investigation into the cyberattack is being handled by Poland’s CERT (Computer Emergency Response Team). Following the attack, Polish authorities suspected Russian involvement, emphasizing the growing threat of cyberattacks on critical infrastructure as a component of Russia’s hybrid warfare strategy against the West.

European intelligence agencies have warned for months about the escalating frequency of Russian cyberattacks. In August 2025, the International Institute for Strategic Studies highlighted how these actions aim to destabilize European governments and undermine support for Ukraine by imposing social and economic costs on Europe. Additionally, an October 2025 Danish intelligence report noted an increasing readiness by Russia to employ hybrid tactics in and against Europe.

As the landscape of cyber threats evolves, nations must remain vigilant and proactive in securing their vital infrastructure against such attacks.