Incident Overview
At the end of 2023, Poland’s Computer Emergency Response Team (CERT) disclosed that Russian government‑backed hackers breached several components of the country’s energy grid, including wind farms, solar installations, and a heat‑and‑power plant.
Vulnerabilities Exploited
The attackers faced minimal resistance because the targeted systems suffered from basic security oversights:
- Use of default usernames and passwords
- Absence of multi‑factor authentication (MFA)
- Outdated or unpatched software
Attribution and Hacker Groups
Initial analysis by cybersecurity firms ESET and Dragos linked the intrusion to the notorious Russian group Sandworm, known for destructive attacks on Ukrainian energy assets in 2015, 2016 and 2022.
Poland’s CERT, however, identified a different Russian state‑sponsored group—Berserk Bear, also known as Dragonfly. Unlike Sandworm, Berserk Bear is primarily associated with cyber‑espionage rather than sabotage.
Implications for Energy Security
The breach highlights the critical need for robust cybersecurity measures in national energy infrastructure. Weak authentication practices can provide a low‑effort entry point for sophisticated actors, potentially leading to espionage, disruption, or future sabotage.
Recommendations
- Implement mandatory multi‑factor authentication for all privileged accounts.
- Replace default credentials with strong, unique passwords.
- Conduct regular security audits and penetration testing of critical systems.
- Adopt network segmentation to limit lateral movement.
- Increase threat‑intelligence sharing between government agencies and private sector operators.