Critical Infrastructure

The Russian state-linked Sandworm hacking group has been identified as responsible for what is described as the “largest cyberattack” targeting Poland’s power system in the last week of December 2025. Although the attack was detected and neutralized without causing any disruption, experts have linked this activity to a new variant of “wiper” malware deployed by the threat actor. Details of the DynoWiper attack and malware According to a report by ESET, the attack was the work of Sandworm, which used a previously undocumented wiper malware called DynoWiper (also known as Win32/KillFiles.NMO). The attribution to Sandworm is based on similarities with the group’s previous activities, especially in the context of the Russian invasion of Ukraine. ...

Romania’s national water management authority, Romanian Waters (Administrația Națională Apele Române), confirmed being the victim of a ransomware attack during the weekend of December 20, 2025. According to the National Cybersecurity Directorate (DNSC), the incident affected approximately 1,000 computer systems in the central organization and in 10 of its 11 regional offices. Impact on IT and OT Systems The ransomware attack disrupted a variety of IT assets, including Geographic Information System (GIS) servers, databases, email and web services, Windows workstations, and domain name servers (DNS). ...