Poland Attributes December Cyber Attacks to Static Tundra
These articles are AI-generated summaries. Please check the original sources for full details.
Coordinated Cyber Attacks on Energy Sector
The Polish computer emergency response team, CERT Polska, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, as well as a large combined heat and power plant, on December 29, 2025. The attacks, attributed to the threat cluster Static Tundra, involved the use of DynoWiper malware and exploitation of FortiGate vulnerabilities.
Why This Matters
The attacks highlight the vulnerability of critical infrastructure to cyber threats, with potential disruptions to essential services such as electricity and heat supply. The use of wiper malware, such as DynoWiper, can cause significant damage to systems and data, with the potential for long-term consequences. According to CERT Polska, the attacks had a purely destructive objective, but fortunately, did not affect the ongoing production of electricity or heat supply.
Key Insights
- DynoWiper malware was used in the attacks, with at least four different versions discovered to date; the malware recursively wipes files on all removable and fixed drives.
- The attacks involved exploitation of FortiGate vulnerabilities, including the use of default credentials and outdated firmware, which underlines the importance of regular security updates and patches.
- The threat actor, Static Tundra, is assessed to be linked to Russia's Federal Security Service (FSB) Center 16 unit; this attribution is based on tactical overlaps and the threat actor's targeting of energy companies.
Working Example
// Skeleton sketching the structure attributed to DynoWiper in the summary above;
// the enumeration and deletion steps are deliberately left as comments only.
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

int main(void) {
    // Seed the pseudorandom number generator (used for corrupting file contents)
    srand((unsigned) time(NULL));
    // Enumerate files on every removable and fixed drive and overwrite them
    // ...
    // Delete the overwritten files
    // ...
    return 0;
}
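From the defender's side, the behaviour the summary attributes to DynoWiper (rapid, recursive deletion across every fixed and removable drive) is exactly what a host-level detection can key on. The following is an added example, not code from the page, CERT Polska or any vendor: it parses a constructed file-deletion log (the line format, process names and thresholds are assumptions) and flags any process that deletes many files across several drive roots inside one time window.

```python
"""Heuristic detector for wiper-like deletion across several drive roots,
modelled on the DynoWiper behaviour described above. Log format, sample
events and thresholds are constructed assumptions, not taken from the page."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed line format: "<ISO timestamp> pid=<n> exe=<path> DELETE <path>"
LINE_RE = re.compile(r"^(\S+) pid=(\d+) exe=(\S+) DELETE (.+)$")

def constructed_sample_log():
    """Constructed events: a slow temp cleanup confined to C:, and a
    process deleting ten files per second across C:, D: and E:."""
    t0 = datetime(2025, 12, 29, 3, 0, 0)
    lines = []
    for i in range(30):
        ts = (t0 + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts} pid=412 exe=C:\\Windows\\cleanmgr.exe DELETE C:\\Temp\\tmp{i}.dat")
    for i in range(120):
        ts = (t0 + timedelta(milliseconds=100 * i)).isoformat()
        lines.append(f"{ts} pid=9981 exe=C:\\Users\\Public\\svc.exe DELETE {'CDE'[i % 3]}:\\data\\f{i}.bin")
    return "\n".join(lines)

def parse_events(text):
    """Return (timestamp, pid, exe, path) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, pid, exe, path = m.groups()
            events.append((datetime.fromisoformat(ts), int(pid), exe, path))
    return events

def drive_of(path):
    """Drive root of a Windows-style path ("D:"), or "/" for anything else."""
    return path[:2].upper() if len(path) > 1 and path[1] == ":" else "/"

def find_wiper_candidates(events, window=timedelta(seconds=60),
                          min_deletes=50, min_drives=2):
    """Flag each (pid, exe) that deletes at least min_deletes files spanning
    at least min_drives drive roots inside one sliding time window."""
    by_proc = defaultdict(list)
    for ts, pid, exe, path in events:
        by_proc[(pid, exe)].append((ts, path))
    hits = {}
    for key, evs in by_proc.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            span = evs[start:end + 1]
            drives = {drive_of(p) for _, p in span}
            if len(span) >= min_deletes and len(drives) >= min_drives:
                hits[key] = (len(span), sorted(drives))
                break  # one verdict per process is enough
    return hits
```

The single-drive cleanup stays under both thresholds, while the cross-drive sweep trips the rule within five seconds of its first deletion; in production the thresholds would be tuned against the host's normal backup and cleanup activity.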
Practical Applications
- Use Case: Energy companies, such as those in Poland, can implement robust security measures, including regular updates and patches, to prevent similar attacks.
- Pitfall: Failure to implement proper security measures, such as two-factor authentication and secure configuration of devices, can lead to successful attacks and significant disruptions to critical infrastructure.