Poland Points Finger at Russian Spy Agency Over Destructive Year-End Cyberattacks on Critical Infrastructure
By AJ Vicens, Reuters
January 30 – Polish officials on Friday accused Russia's domestic intelligence service, the Federal Security Service (FSB), of orchestrating a series of destructive cyberattacks that targeted the nation's critical infrastructure just days before the New Year.
The attacks, described by a Polish minister as the most severe of their kind in years, hit approximately 30 renewable energy facilities, a manufacturing firm, and critically, a combined heat and power plant that supplies warmth to nearly half a million customers. A report from Poland's Computer Emergency Response Team (CERT) detailed that the hackers' goal was the "irreversible destruction" of data on industrial devices, an act likened to digital arson.
"The timing was deliberate and malicious," the CERT report stated, noting the attacks coincided with a period of extreme cold and snowstorms across Poland. While security software reportedly thwarted the attempt to wipe data at the heating plant, the incident has heightened alarms about the vulnerability of essential services.
The Russian embassy in Washington did not immediately respond to requests for comment. Moscow has consistently denied involvement in offensive cyber operations.
The Polish report links the activity to an FSB-associated hacking collective tracked under names like "Berserk Bear" or "Dragonfly." Historically focused on espionage within the energy sector, this group's shift to openly destructive actions signals a dangerous new phase, analysts warn.
"This isn't just snooping anymore; it's sabotage," said John Hultquist, chief analyst at Google's Threat Intelligence Group. "They've always had the capability, but now we're seeing the motivation to cause real-world disruption, which fundamentally changes the threat landscape." Hultquist added that the incident raises serious concerns for upcoming high-profile events like the Winter Olympics, given Russia's history of disruptive cyber activity during games.
The attribution, however, is not unanimous. Cybersecurity firm ESET published independent analyses last week and on Friday that linked the malware used in the attacks to "Sandworm," a unit of Russian military intelligence (GRU) notorious for destructive campaigns. ESET researchers acknowledged the possibility of multiple groups' involvement but stood by their assessment.
This incident is part of a noted increase in cyber probes and attacks on Polish infrastructure since Russia's full-scale invasion of Ukraine in February 2022. Poland, a key logistical hub for Western aid to Ukraine, finds itself firmly on the front line of a hybrid conflict.
Reactions & Analysis
"This is a blatant act of hybrid warfare aimed at freezing Polish citizens in the dark. It's time for NATO to respond with concrete, punitive cyber countermeasures, not just statements of concern. Appeasement only invites more aggression." – Marta Kowalski, Security Analyst at the Warsaw-based Institute for Strategic Studies.
"The discrepancy between the FSB and GRU attributions is crucial. It highlights the fog of cyber war. Whether it's one agency or another, the intent to destabilize is clear, but our response must be precise and based on irrefutable evidence to maintain credibility." – David Chen, Senior Fellow, Center for Cyber Policy.
"As an engineer at a regional utility, this report is our worst nightmare confirmed. We've drilled for IT failures, but a coordinated, state-level attack seeking to destroy control systems is a different category of threat. Investment in air-gapped backups and layered defense is no longer optional." – Anna Petrova, Operations Director, Baltic Energy Grid.
"The strategic message here is intimidation. By hitting heating plants in winter, the attackers aim to sow public anxiety and test the resilience of a frontline EU state. The psychological impact is part of the calculus." – Professor Henrik Jørgensen, Hybrid Conflict Studies, University of Copenhagen.
(Reporting by AJ Vicens in Detroit; editing by Philippa Fletcher)