Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid
2026-1-26 08:7:9 Author: securityaffairs.com

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025.

ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT.

“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed,” said ESET researchers. “We’re not aware of any successful disruption occurring as a result of this attack,” ESET researchers said.

ESET researchers uncovered DynoWiper, a destructive wiper malware used in an attempted cyberattack against Poland’s energy sector on December 29, 2025. While no successful disruption has been confirmed, the malware’s architecture shows clear destructive intent. ESET attributes the operation with medium confidence to the Russia-aligned Sandworm APT group, citing strong overlaps in tactics, techniques, and behavior with previous Sandworm-linked wiper attacks analyzed by the team.

The attack struck during peak winter and the 10‑year anniversary of Sandworm’s 2015 attack on 🇺🇦 Ukraine’s power grid – the first malware-driven blackout, leaving ~230,000 people without electricity. 3/5

— ESET Research (@ESETresearch) January 23, 2026

The attempted attack occurred during peak winter demand and coincided with the 10-year anniversary of Sandworm’s 2015 cyberattack on Ukraine’s power grid, the first malware-induced blackout that left around 230,000 people without electricity. ESET tracks the DynoWiper malware as Win32/KillFiles.NMO. Subscribers to ESET’s private Threat Intelligence APT reports have already received further technical details and indicators of compromise to aid rapid detection and incident response. The cybersecurity firm also shared an associated IoC hash for defensive use.

“Fast forward a decade and Sandworm continues to target entities operating in various critical infrastructure sectors, especially in Ukraine,” concludes the report. “In their latest APT Activity Report, covering April to September 2025, ESET researchers noted that they spotted Sandworm conducting wiper attacks against targets in Ukraine on a regular basis.”

The Sandworm group (aka BlackEnergy, UAC-0082, Iron Viking, Voodoo Bear, and TeleBots) has been active since 2000. It operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe.

Pierluigi Paganini

Article source: https://securityaffairs.com/187309/hacking/russia-linked-sandworm-apt-implicated-in-major-cyber-attack-on-polands-power-grid.html