Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

2026-1-26 08:07:09 Author: securityaffairs.com

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025.

ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT.

“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed,” said ESET researchers. “We’re not aware of any successful disruption occurring as a result of this attack,” they added.

ESET researchers uncovered DynoWiper, a destructive wiper malware used in an attempted cyberattack against Poland’s energy sector on December 29, 2025. While no successful disruption has been confirmed, the malware’s architecture shows clear destructive intent. ESET attributes the operation with medium confidence to the Russia-aligned Sandworm APT group, citing strong overlaps in tactics, techniques, and behavior with previous Sandworm-linked wiper attacks analyzed by the team.

The attack struck during peak winter and the 10‑year anniversary of Sandworm’s 2015 attack on 🇺🇦 Ukraine’s power grid – the first malware-driven blackout, leaving ~230,000 people without electricity. 3/5

— ESET Research (@ESETresearch) January 23, 2026

The attempted attack occurred during peak winter demand and coincided with the 10-year anniversary of Sandworm’s 2015 cyberattack on Ukraine’s power grid, the first malware-induced blackout that left around 230,000 people without electricity. ESET tracks the DynoWiper malware as Win32/KillFiles.NMO. Subscribers to ESET’s private Threat Intelligence APT reports have already received further technical details and indicators of compromise to aid rapid detection and incident response. The cybersecurity firm also shared an associated IoC hash for defensive use.

“Fast forward a decade and Sandworm continues to target entities operating in various critical infrastructure sectors, especially in Ukraine,” concludes the report. “In their latest APT Activity Report, covering April to September 2025, ESET researchers noted that they spotted Sandworm conducting wiper attacks against targets in Ukraine on a regular basis.”

The Sandworm group (aka BlackEnergy, UAC-0082, Iron Viking, Voodoo Bear, and TeleBots) has been active since 2000. It operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe.


Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
Source: https://securityaffairs.com/187309/breaking-news/russia-linked-sandworm-apt-implicated-in-major-cyber-attack-on-polands-power-grid.html