Poland is witnessing a significant rise in cybersecurity threats, with 2025 reporting 2.5 times more cyberattacks than the previous year. Government officials indicated that the ongoing surge poses unprecedented challenges, especially following a critical infiltration of the energy sector.
Surge in Cyberattacks in Poland
According to Deputy Minister of Digital Affairs Paweł Olszewski, Poland faced approximately 270,000 cyberattacks throughout the past year. This relentless wave of cyber threats has escalated drastically, compelling the government to enhance its cyber defense strategies substantially.
Key Facts and Statistics
- Year: 2025
- Increased attacks: 2.5 times compared to 2024
- Total cyberattacks: 270,000
- Energy sector attack date: December 29, 2025
Targeted Cyberattack on Energy Sector
A coordinated cyberattack struck Poland’s energy infrastructure on December 29, 2025. The assault targeted multiple facilities, including a combined heat and power plant that serves nearly 500,000 customers.
Authorities believe this attack originated from a single threat actor connected to Russian intelligence. Notably, while the energy supply remained intact, the malicious nature of the incident raised significant alarms. CERT Polska, the national Computer Emergency Response Team, issued a report detailing the attack in late January, urging for insights from the cybersecurity community.
Nature of the Attack
According to Marcin Dudek, head of CERT, this incident represents a significant escalation in cyber aggression. Unlike previous ransomware cases driven by financial gain, this attack appeared motivated solely by destruction.
Dudek remarked that Poland has not faced destructive attacks of this scale against its energy sector before. He also indicated that such advanced attacks in NATO and EU countries are largely unprecedented.
Investigation and Threat Actors
The inquiry into the December cyberattack suggests involvement from notorious Russian cyber groups. CERT identified connections to a threat actor known as “Dragonfly,” associated with Russia’s FSB Center 16. This group has historically targeted energy sectors but had not previously executed destructive actions.
| Threat Actor | Association |
|---|---|
| Dragonfly | FSB Center 16 |
| Sandworm | GRU |
Additionally, ESET, a leading cybersecurity firm in the EU, analyzed the malware used and suggested that another group named “Sandworm” might also be responsible. Experts highlighted that this group’s data-wiping techniques could link them to the recent incidents in Poland.
Conclusion
The intensified cyberattack trends in Poland and the alarming assault on its energy infrastructure reflect a broader security challenge linked to Russian activities. Ongoing investigations aim to identify the culprits and fortify Poland’s digital defenses against future threats.
