The Polish government said Russian government hackers broke into parts of the country’s energy grid infrastructure, taking advantage of its poor security.
On Friday, Poland’s Computer Emergency Response Team (CERT), which is part of the Ministry of Digital Affairs, released a technical report about an incident at the end of last year, in which suspected Russian government hackers hacked wind and solar farms and a heat-and-power plant. According to the report, the hackers did not face much resistance. The targeted systems used default usernames and passwords and did not have multi-factor authentication enabled, both extremely basic mistakes.
The hackers tried to infect the systems they broke into with wiper malware designed to erase and effectively destroy the systems, perhaps trying to turn off the power, though it’s unclear if that was their goal. Either way, the attacks were stopped at the heat-and-power plant, but not at the wind and solar farms, whose systems for monitoring and controlling grid systems were made inoperable by the malware.
“All of the attacks were purely destructive in nature — by analogy to the physical world, they can be compared to deliberate acts of arson,” read the report.
The hackers did not disrupt power at any of their targeted facilities. And even if they had succeeded, the report said that the hack “would not have affected the stability of the Polish power system during the period in question.”
Cybersecurity firms ESET and Dragos previously released reports about the attacks, which occurred on December 29 of last year, accusing the notorious Russian government hacking group Sandworm of being behind the intrusions. Sandworm has a documented history of targeting energy infrastructure in Ukraine and turning off the lights in the country in 2015, 2016, and 2022.
Poland’s CERT, however, accused a different Russian government hacking group, known as Berserk Bear or Dragonfly, which is not known for destructive attacks, but rather for more traditional cyberespionage.



