Summary:
On Dec 29, 2025, a coordinated attack hit Polish renewable energy farms (Wind/PV) and a combined heat & power plant.
Key findings from the report:
- Attribution: CERT Polska links the attack to Static Tundra (aka Berserk Bear/Dragonfly), a group associated with the Russian FSB.
- Impact: OT communication disrupted using 'DynoWiper' malware; power generation was not stopped, but remote control was severed.
- Initial Access: Exploited FortiGate VPNs lacking MFA and default credentials on OT equipment (Hitachi/Mikronika/Moxa)
- Timeline: Attackers likely had access since March 2025 but executed the wiper attack in late December.
Direct PDF link: https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incid...