Russian hackers breached Polish power grid thanks to bad security, report says

In Brief

The Polish authorities said Russian authorities hackers broke into parts of the country’s vigor grid infrastructure, taking vantage of its mediocre security.

On Friday, Poland’s Computer Emergency Response Team (CERT), which is portion of the Ministry of Digital Affairs, released a method report astir an incidental astatine the extremity of past year, wherever suspected Russian authorities hackers hacked upwind and star farms and a heat-and-power plant. According to the report, the hackers didn’t look a batch of resistance. The targeted systems utilized default usernames and passwords and did not person multi-factor authentication enabled, some incredibly basal mistakes. 

The hackers tried to infect the systems they broke into with wiper malware designed to erase and efficaciously destruct the systems, possibly trying to crook disconnected the power, though it’s unclear if that was their goal. Either way, the attacks were stopped astatine the heat-and-power plant, but not astatine the upwind and star farms, whose systems to show and power grid systems were made inoperable by the malware. 

“All of the attacks were purely destructive successful quality — by analogy to the carnal world, they tin beryllium compared to deliberate acts of arson,” work the report. 

The hackers failed to disrupt powerfulness astatine immoderate of their targeted facilities. And adjacent if they had succeeded, the study said that the hack “would not person affected the stableness of the Polish powerfulness strategy during the play successful question.”

Cybersecurity firms ESET and Dragos antecedently released reports astir the attacks, which occurred connected December 29 of past year, accusing the notorious Russian authorities hacking radical Sandworm of being down the intrusions. Sandworm has a documented past of targeting vigor infrastructure successful Ukraine and turning disconnected the lights successful the state successful 2015, 2016, and 2022.

Poland’s CERT, however, accused a antithetic Russian authorities hacking group, known arsenic Berserk Bear oregon Dragonfly, which is not known for destructive attacks, but alternatively much accepted cyberespionage.

Subscribe for the industry’s biggest tech news