Poland’s Computer Emergency Response Team (CERT) has issued a report blaming Russian hackers for a December 29 cyberattack that hit several energy facilities, including a thermal power plant that supplies heat to nearly 500,000 customers, Reuters reported.
Investigators link the activity to hackers controlled by the FSB’s 16th Center, a unit responsible for signals intelligence. The group is also known as “Berserk Bear” and “Dragonfly.”
“It is worth noting that the attacks coincided with low temperatures and snowfall affecting Poland shortly before New Year’s,” the report said.
Slovak cybersecurity firm ESET reached similar conclusions in a report published last week, saying the malware used in the attack on Poland’s energy sector resembles tools previously seen in Russian cyber operations. However, ESET attributed the latest incident to the GRU-linked hacking group known as Sandworm, rather than the FSB.
Polish outlet Rzeczpospolita reported the attack failed to achieve its goal: although hackers disrupted communications with solar and wind power plants and distribution system operators, electricity was not cut. And even if outages had occurred at all 30 targeted sites, it would not have affected the stability of Poland’s power system.
