Sandworm Blamed for Wiper Attack on Poland Power Grid
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
Coverage of incidents attributed to Sandworm, with analysis of infrastructure, disruption, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Sandworm is a name used for an intrusion set associated in public reporting and government assessments with Russia’s GRU, although such attribution remains subject to evidence and revision. Reporting has linked the group to disruptive operations including attacks affecting Ukrainian power distribution and the 2017 NotPetya outbreak, which spread through a compromised software-update channel and caused extensive operational damage. The activity tracked under this name has included destructive malware, denial-of-service attacks, and exploitation of vulnerable systems.
For defenders, the key risk is that an intrusion can progress from access to disruption rather than simple data theft. Priorities include rapidly patching internet-facing and edge systems, enforcing multifactor authentication and least privilege, segmenting critical networks, and maintaining offline, tested backups with restoration procedures. Threat intelligence on reported Sandworm infrastructure and malware can support detection and scoping, but indicators should complement—rather than replace—behavioral monitoring and sound vulnerability-management and incident-response practices.
Weekly headline count for the current query.
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
Signs Point to Long-Active 'Sandworm' Military Intelligence Hackers at WorkRussian cyberattacks in late December 2025 that attempted to disrupt Poland's power grid have been attributed to "Sandworm," the codename for an advanced persistent threat group tied to a Moscow military intelligence unit that repeatedly uses wiper malware, including in these attacks.
Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.…
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.. [...]
The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025
Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine's education, government, and the grain sector, the country's main revenue source. [...]
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe
'Near-global' initial access campaign active since 2021 An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from "a limited number of organizations," according to Microsoft.…
A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.' [...]
Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. [...]
Notorious APT44 group Sandworm launched a major campaign against Ukrainian critical infrastructure in March
Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). [...]
Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine has close ties with a Russian hacktivist group
Water tank overflowed during one system malfunction, says Mandiant The Russian military's notorious Sandworm crew was likely behind cyberattacks on US and European water plants that, in at least one case, caused a tank to overflow.…
The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. [...]
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022
Russian Cyber Sabotage Unit Sandworm Adopting Advanced Techniques, Mandiant WarnsRussia's preeminent cyber sabotage unit presents "one of the widest and high severity cyber threats globally," warned Mandiant in a Wednesday report. Mandiant newly designated Sandworm as APT44 to differentiate it from another hacking unit it will still track as APT28.