Coordinated Wiper Attacks Hit 30+ Renewable Farms, Sparking Grid Security Concerns

TL;DR Summary
CERT Polska disclosed a coordinated, destructive cyber campaign on Dec 29, 2025 that hit more than 30 wind/solar farms and a CHP plant, disrupting substation communications but not stopping electricity or heat delivery. The attackers deployed wipers (DynoWiper, LazyWiper) via compromised Fortinet devices and Active Directory, used multiple accounts with no two-factor authentication, and leveraged Tor/IPs to access energy networks. The campaign involved several variants and likely LLM involvement. Data was also exfiltrated from OT/cloud services. CERT Polska attributes the activity to Static Tundra, tied to Russia's FSB, though some researchers link it to Sandworm.
- CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms (The Hacker News)
- Polish officials blame Russian domestic spy agency for Dec 29 cyberattacks (Reuters)
- Energy Sector Incident Report - 29 December 2025 (CERT Polska)
- Russian hackers breached Polish power grid thanks to bad security, report says (TechCrunch)
- DynoWiper update: Technical analysis and attribution (WeLiveSecurity)