Report says Russian hackers breached Polish power grid due to poor security

The Polish government said that hackers affiliated with the Russian government infiltrated parts of the country’s energy grid infrastructure, taking advantage of its weak security.

On Friday, the Polish Computer Emergency Response Team (CERT), part of the Ministry of Digital Affairs, released a technical report on an incident at the end of last year, in which suspected Russian government hackers hacked into wind and solar farms and a heat and electricity plant. According to the report, the hackers did not face much resistance. The targeted systems used default usernames and passwords and did not enable multi-factor authentication, both of which are incredibly basic errors.

The hackers attempted to infect the systems they broke into with malware designed to effectively wipe and destroy systems, and may attempt to cut off power, though it is unclear whether that was their goal. In both cases, the attacks were stopped at the heat and power plant, but not at the wind and solar farms, whose systems for monitoring and controlling grid systems were rendered inoperable by the malware.

“All of the attacks were destructive in nature – compared to the physical world, they are comparable to acts of arson,” the report said.

The hackers failed to disable power at any of their targeted facilities. Even if they had succeeded, the report said the hack “would not have affected the stability of the Polish energy system during the period in question.”

Cybersecurity companies ESET and Dragos had earlier issued reports about the attacks that occurred on December 29 last year, accusing the notorious Russian government hacking group Sandworm of being behind the intrusions. Sandworm has a documented history of targeting Ukraine’s energy infrastructure and turning the lights off in the country in 2015, 2016, and 2022.

However, the Polish CERT team has accused a different Russian government hacking group, known as Berserk Bear or Dragonfly, which is known not for its destructive attacks, but rather for traditional cyber espionage.