Miłosz Motyka, Poland’s minister of energy, revealed that the country faced the strongest cyberattack in its history, with attackers using a completely new and previously unseen method of infiltration. The incident occurred during the sensitive period between Christmas and New Year. Although Polish services and system operators have long been repelling attempts to breach critical infrastructure, this time the attackers’ strategy was radically different. Instead of targeting central transmission hubs or the largest system power plants, the hackers carried out a mass, coordinated attack on distributed energy sources.
Target: Thousands of Small Points
The main targets of the attack were individual photovoltaic farms, wind turbines, and one combined heat and power plant. Minister Motyka emphasized that the attackers sought to exploit the nature of renewable energy sources (RES): while each installation has relatively low capacity on its own, together they form a critical component of the system. “The attack was coordinated and fundamentally different from previous incidents. For the first time, we were dealing with a dispersed strike on this scale,” the energy minister explained. Importantly, Polish services consulted foreign partners on the matter. It turned out that no other country had previously experienced an operation carried out using this specific method, effectively making Poland a testing ground for a new type of cyberattack.
As reported by spidersweb.pl, hackers attempted to disrupt communication between generation installations and grid operators. The outlet notes that this was the first case in which hundreds of small facilities were attacked simultaneously, potentially with the aim of triggering a domino effect within the national system.
The System Withstood the Test
Despite the scale and innovative nature of the attack, Poland’s power grids remained stable. All interference attempts were successfully repelled, and risks were contained by system operators. There were no power outages and no damage to physical infrastructure. However, the incident did prompt the introduction of additional security procedures and a heightened state of readiness among services responsible for critical infrastructure.

