Poland Thwarts Major Cyberattack on Wind and Solar Energy Infrastructure


What happened

A coordinated cyberattack in late December 2025 targeted more than 30 wind and solar farms, a combined heat and power (CHP) plant, and a manufacturing facility in Poland, deploying wiper malware to damage operational technology and disrupt control systems, but failed to cause widespread outages.

Who is affected

The incident hit Poland’s distributed energy resources (DERs), including wind turbines and photovoltaic installations, as well as key CHP infrastructure serving hundreds of thousands of customers.

Why CISOs should care

This event marks one of the first large-scale destructive cyberattacks against decentralized energy assets, exposing vulnerabilities in operational technology (OT) environments and remote access systems. Threat actors exploited default credentials and flawed network defenses to gain access and deploy destructive payloads, underscoring risks to utility and critical infrastructure sectors worldwide.

3 practical actions

  1. Harden OT environments: Eliminate default credentials, enforce strong authentication, and isolate critical control systems from direct internet exposure.
  2. Improve network visibility and monitoring: Deploy robust OT/IT segmentation and continuous anomaly detection for remote terminal units (RTUs) and human-machine interfaces (HMIs).
  3. Test response readiness: Conduct regular tabletop exercises and incident response drills tailored to DER and ICS breach scenarios to reduce operational risk.