WARSAW, Poland — Polish cybersecurity authorities have reported a dramatic 250% surge in cyberattacks during 2025, with over 270,000 incidents targeting the nation’s digital infrastructure. Deputy Minister of Digital Affairs Paweł Olszewski revealed these alarming statistics on Tuesday, describing an ongoing ‘cyber war’ that has intensified significantly each year.
The most concerning incident occurred on December 29, when coordinated attacks simultaneously struck a combined heat and power plant serving approximately 500,000 customers and multiple renewable energy facilities. While electricity distribution remained uninterrupted, the destructive nature of the infiltration prompted CERT Polska (Computer Emergency Response Team) to issue an unprecedented public technical report seeking international cybersecurity expertise.
Marcin Dudek, head of CERT Polska, characterized the attack as ‘a significant escalation’ distinct from previous financially-motivated ransomware incidents. ‘The motivation was just destruction,’ Dudek emphasized, noting this marked the first known destructive cyber assault on energy infrastructure within both NATO and European Union territories.
Technical analysis points toward Russian state-sponsored threat actors. CERT’s investigation identified digital infrastructure previously associated with ‘Dragonfly’ (also known as ‘Static Tundra’ or ‘Berserk Bear’), a cybersecurity cluster linked to FSB Center 16 according to FBI alerts. Simultaneously, ESET cybersecurity researchers found malware signatures consistent with ‘Sandworm,’ another Russian-affiliated group historically connected to destructive operations in Ukraine.
Anton Cherepanov, ESET’s senior malware researcher, confirmed the attack employed ‘data-wiping malware and its deployment techniques commonly associated with Sandworm.’ Both groups have established ties to Russian intelligence services, with Sandworm previously attributed to the GRU by U.S. authorities.
The Polish government under Prime Minister Donald Tusk has substantially reinforced cyber defenses since Russia’s full-scale invasion of Ukraine in 2022. The Russian Embassy in Warsaw has not responded to requests for comment regarding these allegations.